Audit of the contractual compliance of software services

Client

As a public administrative institution, our client wished to be supported in the performance of a contractual compliance audit of the software solutions made available on a platform open to the public.

This audit covers both the compliance of mobile/web applications in relation to the quality standard and the respect of contractual commitments made by third-party publishers.

Some key figures:

• More than 5 million users per year
• More than 300 applications hosted on the platform
• 185 third-party publishers

Objectives

The purpose of the assignment is to ensure compliance with the obligations incurred by each publisher under the contractual terms:

• Compliance with the rules relating to the GDPR regulation
• Conformity of the proposed content with the quality standards defined by the Client
• Reality of the online services delivered
• Validity of advertising content where applicable
• Respect of the listing process of the hosting platform

In addition to the audit carried out on each "service", our client also entrusted us with a mission to diagnose the process of listing publishers:

• Status of the listing process
• Mapping of the input data required for listing
• General summary of detected non-conformities
• Associated recommendations and action plans

Means implemented by CKS

To carry out the mission over a period of 3 months, CKS built a multidisciplinary Project team:

• A Mission Director, key player in the mission, participating in the production of analyses, managing the Customer relationship and carrying out a "Quality" check on each deliverable
• An Audit Project Manager, with a solid experience in monitoring the execution of SAAS software contracts and Personally Identifiable Information (PII).
• Two Analysts
• An IT Expert specialized in the development of SAAS software, an expert in GDPR, APIs, Big Data and Open Data themes

In order to carry out the mission within a tight timeframe, CKS deployed its Online Contract Management software (OCM). Currently in use at more than 30 clients, the OCM software allows to:

1. Monitor in real-time the execution of the contractual audit campaigns of the:
   1. Intellectual/IT services (PII) and software solutions
   2. OESD (Outsourced Essential Service Delivery)
   3. Services provided
2. Calculate a Contractual Compliance Index (CCI) for each "service" and/or company audited and thus make it possible to factualise and compare compliance with contractual commitments
3. Carry out cross-analyses by "control point", theme, perimeter, service provider, user service, etc.
4. Monitor the evolution of ratings over the different campaigns
5. Define a Contractual Compliance Index target (CCI target) with the supplier and manage the associated progress plan with all stakeholders
6. Record the results obtained and trace all audit trails while respecting the compartmentalization of information required by our clients

Results

The CKS audit carried out using the OCM tool enabled our client:

• To improve the reliability of contractual non-compliance metrics by "service" and share it with all stakeholders
• To define a mapping of service providers according to their contractual compliance index
• To define action plans differentiated by types of non-conformity:
  • Removal from the list
  • Immediate requests for trouble-shooting from service providers
  • Transversal progress plans on themes where "non-compliance" is recurrent
• To propose areas for improvement on the online hosting platform
• To identify necessary updates in contractual clauses