Breaking the Mould: Values based contracts in a world of Zero Trust

New Zealand Security Magazine - April-May 2022

Contracts
New contract template a game changer?

Contracts come from the world of Zero Trust, writes Consultant to Fortinet Jennie Vickers, but a new Auckland Council contract template has brought trust into the equation – and it’s also subtracted plenty of pages and small print.


This article is part of our spotlight on New Zealand Government Procurement

Steeped in the world of cyber security over the last 12 months, I have become very comfortable with the increasingly non-negotiable concept of Zero Trust. If you’re from the physical security world and not familiar with the Zero Trust concept, this explanation from Alain Sanchez, EMEA CISO for Fortinet, is a good one:

The sophistication of the cyber threat landscape has extended to new classes of attacks that aim to inflict damage while remaining silent. They are targeting IT and OT devices, and the industrial systems that manage production in segments such as manufacturing, energy, and pharmaceuticals. And the COVID-19 pandemic accelerated the need for full automation of production.

As production relies more and more on sophisticated regulation, no sensor, application, or user should by default be allowed to influence the running of any critical infrastructure or process. Due to the precision and speed of production required, any malicious order or fake value sent into the process can have devastating effects.

Network access can be compared to the physical access to a controlled building. The default state of all entry doors needs to be set to “closed,” and not “open.” Access rules need to be dynamically refreshed with real-time authentication systems. An individual’s credentials should not just be established at the exterior door, but throughout the building. And the overall behavior of that individual while inside the building should be monitored against a machine-learning baseline profile so that if an individual begins behaving badly, actions can be taken.

This holistic vision of a trust that is continuously earned rather than granted once for all access requires a full integration of the entire security ecosystem.



From Zero Trust to Trust

While Zero Trust may be the new normal in cybersecurity, in the world of contracts and commercials, trust and values have never been more important and have never before been placed under such scrutiny and discussion.

Daily, I see for myself that the physical security sector is full of amazing people. Many arrive in the sector after unsatisfying school careers or bad work experiences, looking for a place to belong. A place where their values, their desire to support and protect and make a difference, can find a home.

However, for many, as they climb up the ranks, getting to grips with – and then managing – contracts is an irritating reminder of the unsatisfying environments they escaped from!

My background is commercial law and even for me way back, I was amazed at how unsatisfactory so many contracts are and how unsuited they are to the needs of, well, pretty much everyone. It took running my own law firm to be able to shift the way I created agreements.

Meantime, across the world so many commercial relationships continue to be documented in a poor and inappropriate way, which often hampers the intended purpose, and while some may spout values, they continue to represent a Victorian paradigm of masters and servants.

Lawyers are pretty geeky about their craft and can get excited when they see a rare innovation in the legal field. Imagine my delight to see a new contractual baby that has been born by the Auckland Council and which it is happy to share with the world.

The baby in question is the Kia Ora Services Agreement. We are talking:

  • Value and values driven
  • No legalese
  • No boilerplate
  • No interpretation section
  • Simple to read and simple to use.

Values Led

The Auckland Council team made me laugh when they said that they had used their new agreement template on the legal profession, when tendering out Council legal services recently to the big end of the legal world. Audacious move, but who better to test drive this new approach on?

“The contract provided to us as an external legal partner (based on the Kia ora Agreement) was a breath of fresh air – plain language, outcomes focused, value and values-led,” said Nick Wilson of Simpson Grierson, one of the successful tenderers. “The kaupapa/purpose statement on the front page of the contract sums up the approach:

Legal Services helps Council “do the right thing, the right way”. You’re part of making that happen, using integrated working behaviours to deliver seamless, high quality services to clients, and helping activate our Māori outcomes, diversity and inclusion and sustainability goals.

“What I particularly noticed was the meaningful effort that had been made to incorporate te reo Māori into the contract, which is a leap forward compared to most NZ legal template contracts,” he said. “This should act as an incentive for users of the contract to embrace use of te reo Māori more substantively.”

Bram van Melle, Manager, Projects & Transactions, was the champion of this project. Describing it to his Council colleagues, he said that it was a genuine team effort. “The Communication department asked what we’d say if we only had one page, and the first thing was ‘welcome aboard’ so the ‘Kia ora’ name suggested itself. Ngā Mātārae, our Māori Outcomes Directorate, was fantastic with some real ‘challenge thinking’ on relationships.”

“Putting the content in people-oriented themes lent itself to the use of whakataukī in each section,” he said. “And bringing the focus back to the ‘big three’ of what we’re buying, how we’re paying, and how we measure success is right at the top of Procurement’s bucket list. Definitely a better-together exercise, we’re pretty stoked”.

Suppliers from across the whole spectrum of goods and services used by Council will get to see this agreement for themselves over the coming months, as new contracts get issued for negotiation.

One of the previous agreement templates was 15 pages long with small type. This one is down to a third of the size of the original and many of the new words are English versions of the new Te reo language.

Towards a New Relationship

WorldCC (previously IACCM – the International Association for Contract and Commercial Management) has, for the past 20+ years, been advocating for the reframing of the role of contracts as frameworks for relationships. They have also been stressing the importance of a greater focus on the desired outcomes and not so much on the inputs (which themselves needed so much contract small print).

With this new form, expect to see more focus on, and clarity from, the tailored sections. These sections will now probably include more focus on a purpose statement, anchoring the contract to outcomes and desired achievements and more clarity around keeping the work and relationship on track.

I went hunting for some of the old chestnuts to see how these are now dealt with. Public Liability and Professional Indemnity Insurance cover amounts are often an issue for SMEs. Too often they are hard wired into agreements with fixed amounts which are excessive when the risk and fairness are considered. With this new approach those insurance cover requirements are considered on the front page. SMEs should be better placed now to have a discussion with their Council counterpart about what is necessary and fair, rather than trying to resist fixed T&Cs controlled by someone in a lofty office!

As a person who wears many hats, I have a few conclusions. With my lawyer hat (wig?) on I think this is a great leap forward; with my cyber helmet on, it is nice to see values featuring so highly in this Zero Trust world; and with my commercial management cap on, I think this is a great move towards reframing contracts with Council as frameworks for relationships.

With my Pollyanna bonnet on, I would like to see the next iterations of this template include provision for recognising the values of the suppliers and some of the principles of good supplier relationship management around being a good and better customer and recognising the importance of balance in every relationship.

One of the things we saw from Government during the past two years of COVID-19 disruptions was a better recognition of the critically important part suppliers play as extensions of their customers and parts of their teams. In Australia, the Government talks about industry as a fundamental input to capability. In New Zealand, over the last two years we saw evidence of this in excellence awards to industry.

With so much global focus on supply chains, mutual dependency between customers and suppliers will continue to grow. This growth means an increasing trend in mutually beneficial outcomes and this new Auckland Council template is a great step in that direction.
