Content

Step 4. Responding to risks

Objectives

To manage the risk to your institution by addressing non-compliance and issues raised by the audit.
To negotiate future contracts which best meet your requirements.

Actions

If you have identified Amber and Red boxes in your compliance audit, you will need to do something about it - addressing these risks and highlighting issues is much better than hiding behind them. There may be a number of possible reponses to each risk - eg mitigate, accept, transfer, defer or avoid. The general route you take (eg risk adverse) will depend on the risk appetite of your institution. See the risk management pages for further information.

It is important to ensure that you do not make unneccessary work for yourself and colleagues in responding to risks. For example, it is much better to negotiate with suppliers to allow you to undertake the activities that you wish to do, rather than implementing complex procedures to track the provenance of bibliographic records that you can use or transfer for only a restricted set of your activities. 

A number of resources are provided to put you in a better position for optimising contracts which are favourable for your institution, including:

During these negotiations, bear in mind how your requirements for using your bibliographic records may evolve in future; if it is possible to negotiate permissive licences (or even open data licensing) this will aid future service developments.

If your response to risks does require you to track the provenance of bibliographic records within your catalogue, consider carefully how this will be done. If you are using the inherited provenance fields within MARC records, recognise the limitations of this field - it must use it consistently.

Example

Risk: some of your activities do not comply with one of your suppliers' licence terms.

Possible responses:

  • Do nothing - accept the risk, add it to the risk register and put procedures in place to deal with situations that may arise.
  • Negotiate with the supplier to clarify the contractual terms (or to add in new terms) and mitigate the risk.
  • Cease activities which are not permitted and avoid the risk.

 Chosen response:

  • Negotiate with the supplier

Outcome

The existing contract was negotiated ten years ago and did not adequately reflect the supplier's current position.The supplier issues you a new, updated contract. After analysing this contract against your current and planned activities, you are happy that your institution can comply with these terms. The new contract is signed by the relevant authority in your institution, and details of the contract are recorded in the compliance audit.

 

 

 

This website "Transfer and Use of Bibliographic Records: Guidance in a Legal Issues" has been developed by Curtis+Cartwright Consulting Ltd in partnership with Ms Naomi Korn. It is the output of a project funded by JISC under the Information Environment Programme 2009-11. The contents of this website are for information purposes and guidance only. They do not constitute legal advice.


 

JISC logo

JISC Advance logo

JISC Legal is a JISC Advance service | JISC Legal is hosted by the University of Strathclyde, a charitable body, registered in Scotland, with registration number SC015263 | The contents of this website are provided for information purposes only and do not constitute legal advice. | Login |



 
skip navigation Menu top links right columnn content JISC Legal home page News Events