Can Healthcare.gov happen to you?

by Henry Meier

The other day, my brother texted me the following question: how is it that a country with the technological ability to spy on anyone in the world and come up with computer programs making sense of all that data can’t set up a website that allows people easy access to the government’s signature domestic initiative? It’s a good question and underscores the primary difference between government and business. If a credit union publicized its cutting-edge technology only to have it malfunction for several weeks after the official rollout, it would be out of business. The government just apologizes, points fingers and looks for quick fixes.

Ah, but before you pass too much judgment on Uncle Sam, ask yourself how safe you really are from the same fate as the government’s health care website. For years, NCUA has been stressing the importance of vendor due diligence. As someone who looks over the occasional credit union’s vendor contract, I can tell you there is still much more to be done. The truth is that from your core processing system to online banking services, your credit union is probably more dependent than ever on vendors living up to their end of a contract.

So here again are some of the key issues that should be addressed in all contracts in general and in your technology vendor contracts in particular.

  • Don’t be penny wise and pound foolish. When a contract poses operational and reputational risks to your credit union, hire a lawyer to review it.
  • The devil is in the details. When we get into technology contracts in particular, there are a whole host of technical issues that should be addressed. For example, what software is going to be used and which party is responsible for maintaining it? In fact, there is so much detail that technology contracts often include service level agreements detailing the technical minutiae on which the contract’s success ultimately depends and providing an excellent means to make sure that your IT people are on the same page. At the very least, these questions should be addressed in your agreements. If you gave me access to a vendor’s platform for processing disclosures, at what times will the service be available? Are there maintenance periods or blackout dates? Does the vendor have a disaster recovery plan? How quickly will they be able to access your data in the event something goes wrong?