Architecture and engineering firms are still learning how to cope with a growing cybersecurity threat. According to this year’s Global Application and Network Security Report from Radware, nearly half of all companies experienced a cyber ransomware attack in 2016. Vulnerability to loss of personal data, exposure of sensitive or proprietary information, etc., is also on the rise. Tim Corbett of SmartRisk LLC, a longtime affiliate of a/e ProNet, has recently analyzed the report findings. He writes that the gravest irony is that while “Employees are the first line of defense” against cyberattacks, they are also a company’s “greatest cyber security weakness.”

Employees’ personal habits regarding company data and digital interactions open doors for hackers, viruses, and the siphoning of information. If your employees aren’t aware of basic threats and/or best practices regarding cybersecurity, your firm is more likely to lose out. The costs of these attacks can be severe. They are also avoidable. SmartRisk’s post recommends regular and up-to-date cybersecurity trainings for your firm “[t]o obtain a broad understanding, and buy-in from the entire organization.”

Arm yourself with SmartRisk’s Checklist

According to SmartRisk, cybersecurity training should take place annually. Corbett offers a checklist for these trainings. Remember to include “all members of the organization, including senior management… so they are knowledgeable of recent trends, monitoring methods, and controls used to prevent the installation of malicious code on the organization’s computer systems.” He also recommends making cybersecurity training a standard protocol for new hires. It’s probably a good idea, as well, to encourage your IT department to be accessible for even basic questions on cybersecurity. Demystifying the response to the threat will empower your employees to be proactive in protecting the company’s interests.

October is Cybersecurity Awareness Month, so you can find a/e ProNet’s past posts on related issues here:

Federal Trade Commission Releases How-To Cybersecurity Guide (Oct 2016)

Cyber Security Awareness & Last Week’s DDOS Hack (Oct 2015)

As always, if you have further questions, please contact your a/e ProNet broker.

The word standard implies many things. A bar to be cleared; a rubric to be followed. But for design professionals, the word becomes tricky when applied to contracts. Project owners often want to keep things simple by requiring so-called Standard Contracts for all parties. This is a problem for architects and engineers, especially from an insurance perspective.

Construction contracts cause problems for design professionals.

The following are a few Frequently Asked Questions we see from architects and engineers on this issue:

My project Owner insists on using their own contract for hiring my professional services. They are adamant this is a Standard Contract. How should I respond?

There is no such thing as a Standard Contract. Be sure to read each contract submitted by your clients carefully. You need to understand both the client’s expectations and your firm’s rights and responsibilities. It is a good idea to have all owner-drafted agreements reviewed by your attorney and/or insurance broker. This will help to determine whether you are accepting responsibility beyond what common law would hold you to in the absence of the agreement.  If, for example, you agree to accountability beyond the protection afforded by your professional liability insurance, that’s a problem.

When I perform professional services for a Contractor in lieu of an Owner, should I be concerned?

Yes. Construction contracts are not meant to be used in this arrangement; they are not designed to meet the needs of the design professional.

What are some of the problems with using “construction contracts” for design services?

Construction contracts are problematic for design professionals. A General Contractor’s contract with a project Owner includes certain requirements (e.g. means, methods, procedures, sequences, safety, etc.). These requirements trickle down to construction subcontractors the verbiage of construction contracts. Beyond that, none of these requirements meet the test of what a design professional should required to do on the same job.

Contract document libraries available via the AIA and EJCDC can be a good place for design professionals to begin. These are standard in the sense that they are templates. However, it’s still important to seek individualized guidance from your attorney and/or insurance broker.

What are some of the other problems with utilizing “construction contracts” for design services?

Most construction contracts contain warranties/guarantees, and some have performance standards. To our knowledge, all professional liability insurance policies for design professionals exclude coverage for warranties/guarantees and (likely) performance standards. Remember: if you commit your design firm to more responsibility than the law expects of you, your insurance policy cannot protect you the way that it should.

We hope you’ve found this helpful. As always, be sure to contact your local a/e ProNet broker if you have further questions.

Some of the most frequently asked questions we hear are triggered by the disparities between the insurance coverage available to design professionals and the demands made for coverage by general contractors and their standard contracts.

 

shutterstock_333194531

This is a nuanced area, and you should call your local a/e ProNet broker if you have specific questions. In the meantime, here are a few quick answers to the biggest FAQs concerning this issue:

Is it wise of General Contractors to require professional subconsultants to sign their usual sub-contract form?

No. Contractors that require the use of the same contract form used for construction sub-contractors may unwittingly void the precise coverage they are seeking from their design professional. Professional Liability (Errors & Omissions, or E&O) policies for design professionals typically exclude warranties and guarantees, which are generally an integral part of construction sub-contracts. If the design firm “agrees” to the warranties and guarantees or any other responsibility excluded by their professional liability policy, the design firm will be assuming the defense costs and payment obligations if an award is granted by the courts.

The General Contractor has requested to be named as an “Additional Insured” on my professional liability policy. Can I accommodate this request?

It is not a good idea to name the contractor as an additional insured in the sub-consultant’s design E&O policy, because an “Insured vs Insured” exclusion exists in virtually all design E&O policies. If the contractor believes he has a cause of action against his subconsultant design firm, this exclusion will eliminate coverage for both the contractor and the design firm.

How can the General Contractor protect themselves?

The General Contractor may purchase Contractor’s Professional Liability insurance. This will protect the General Contractor from vicarious liability claims from third parties and also solves the problem of the “Insured vs Insured” exclusion that would apply if the contractor brings an action against the subconsultant design firm, when named as an additional insured. Another benefit is a separate set of insurance limits. The General Contractor would have their own set of insurance limits that would not be subject to dilution or reduction from other claimants against the design professional’s E&O policy covering their general practice.

Why would the General Contractor need Professional Liability coverage?

Several reasons:

The General Contractor has the same “vicarious liability” for the negligent acts, errors or omissions of their professional subconsultants as they do for the non-professional subcontractors.

The General Contractor cannot rely solely on the hold harmless indemnity clause in the contract document. The hold harmless may not be enforceable in certain jurisdictions because of the language of the indemnity clause.

The subconsultant may not have sufficient insurance or their policy limits may be reduced or exhausted from other claims.

The subconsultant’s policies may be cancelled by the carrier giving notice or for non-payment of premiums. The General Contractor is then left with a false sense of security if they rely on the general liability insurance of the subconsultant, which excludes professional design activities and responsibilities.

Meeting halfway, in this case, really involves helping everyone acquire appropriate coverage. If you are a General Contractor in need of Professional Liability (E&O) insurance, or if you are a design professional who needs someone to explain all this to a General Contractor demanding such ill-advised insurance/contract decisions, please don’t hesitate to call on us.

More answers to Frequently Asked Questions can be found on our FAQ page.

PNN_1604Design professionals are often asked by their clients to sign contracts that include comprehensive—sometimes unreasonable—insurance requirements and indemnification terms.  These are usually drafted with the goal of protecting owners, clients, contractors, or other project participants.  But how does this work when the required coverages aren’t found in the commercial insurance marketplace?

Certificates of insurance (COIs)—which are also often requested in those professional service contracts—provide summaries or verification of current coverage, including policy effective dates, insurers, and certain policy limits.  A certificate gives a snapshot to the requestor (usually known as the certificate holder) for informational purposes.   It’s important to understand that in no way does a certificate endorse, amend, alter, or extend coverage; nor does it act as a contract.  Certificates are often provided using a set of industry standard forms produced by ACORD (formally known as the Association for Cooperative Operations Research and Development), which indicate:

THIS CERTIFICATE IS ISSUED AS A MATTER OF INFORMATION ONLY AND CONFERS NO RIGHTS ON THE CERTIFICATE HOLDER. THIS CERTIFICATE DOES NOT AMEND, EXTEND OR ALTER THE COVERAGE REPORTED BY THE POLICIES DESCRIBED BELOW.

Issuers of COIs generally strive to accurately reflect the insurance policies that are in effect, but those who are relying on the forms need to keep in mind that it’s virtually impossible to summarize an insurance policy of over a hundred pages in a form that contains a few boxes.  Adding to this, those who are issuing insurance certificates often struggle as they try to confirm in a COI that specific and detailed contractual requirements are—or aren’t—being met.

One common challenge is meeting a request that an insurer provide notice of a policy’s cancellation to the insured’s clients.  To do so, the insurer would need to track all such requirements for all insureds for the duration of each contractual requirement—which may even be unspecified.  With this in mind, ACORD made changes in 2010 to clarify that insurers’ notification duties are as defined in the insurance policy, not in the professional services contract.

Generally, courts agree that a certificate of insurance is not a contract.  One fundamental reason is that no consideration—or payment—is given by the certificate holder to the issuer.  However, there is a duty to make accurate representations within the confines of the overall system.  To consider this, we’ll review a few recent cases interpreting the obligations for COIs and their issuers. Continue reading “Certificates of Insurance: Why You Can’t Always Have It Your Way”

Are Hackers a Threat to My Design Firm?

Hackers make headlines daily with targets ranging from major Swiss banks to Minecraft users to German nuclear power plants. But what are the risks to architects and engineers?

keyboard

Professional Liability carrier Victor O. Schinnerer urges design professionals to Take Cyber Liability Exposures Seriously in a recent blog post:

Cyber liability problems that have disrupted firm operations often are based on one of three vectors:

— insiders who are dissatisfied or recognize their ability to tap firm assets and use that access for harm or personal profit;

— past employees who either take digital assets with them or to enact revenge against their former employers corrupt firm systems and information; and

— hackers who know that confidential project data is vulnerable and hold digital information hostage until a ransom is paid.

Hackers Can Wreak Havoc on a Firm

Although internal threats cause many cyber liability breaches, a malicious outsider is one of the greatest fears of professional services firms. A hacker could cause data inaccessibility through alteration or destruction. A firm would lose intellectual property and no longer be able to meet contract objectives and deadlines. Attackers who gain access to a firm’s data can encrypt it using ransom-ware and extort payment to regain access to information. Firms that do not properly preserve digital assets through robust back-up systems often have no alternative but to pay the ransom.

Construction projects today are increasingly dependent on digital technology. The adoption of BIM and the increasing use of digital technologies in designing, constructing, and operating buildings and infrastructure are transforming the way the industry works. The concept of collaborative work through the sharing and use of detailed models and large amounts of digital information requires that parties be aware of vulnerability issues and take appropriate control measures. Improper access controls could lead to an attack severely disrupting progress on a project, causing delays or remedial work that could lead to significant claims from owners, lenders, or other stakeholders. And if confidential information on the structure or systems of projects is accessed by unauthorized parties, the safety of the owners and users of the buildings or infrastructure could be put at risk.

It is possible to insure against these vulnerabilities. Schinnerer’s Cyber Protection Package is one example of such coverage. Here are a few others:

Give your local a/e ProNet broker a call to discuss your options today.

smoothsailing_engineeringinc

Design firms preparing to purchase or renew professional liability insurance ask the same few questions every year.

How will my professional liability premium be calculated? Will my professional liability premium go up? Should I change professional liability insurance companies?

One helpful resource to answer these questions is the 2015 Professional Liability Insurance Survey of Carriers, a report published annually by the ACEC along with a companion analysis in Engineering, Inc. that includes insight from insurance companies and other experts  This year, the title of the article says it all: 2015 was “Smooth Sailing” for the professional liability insurance industry, and that means good things for architects and engineers.

“The ACEC Risk Management Committee worked with the American Institute of Architects, the AIA Trust, and the National Society of Professional Engineers to survey 18 carriers.” With construction spending higher than it’s been in years and expected to rise, the number of insurance companies providing professional liability insurance to architects and engineers is also growing. New markets increase the competition for more established companies, and keep rates stable, which means Eric Moore, President of a/e ProNet and Vice President of Moore Insurance Services, is optimistic.

“Nonrenewal is about the only reason Moore would suggest changing carriers” this year. “If you do see a claim, a carrier you’ve been with a few years is less likely to drop you, he says.”

Also quoted in the article are representatives from several of the top-tier professional liability insurance carriers, like a/e ProNet sponsors Travelers, Beazley, and Victor O. Schinnerer, as well as Tim Corbett of SmartRisk, a performance management consultant for the design and construction industry, who has written for a/e ProNet many times.

You can read a digital version of this article in the January/February 2016 issue of Engineering, Inc.

As always, if you have any questions about this report or the professional liability market, please contact your local a/e ProNet broker today.

PNN_1511In what attorney Brian Stewart calls a “disturbing trend,” more and more project owners design professionals to procure separate questionnaires from their insurance brokers. These “broker-verification questionnaires” are meant to re-state or re-affirm the limits, exclusions, etc. of the relevant insurance policies to the project.  If you’re an architect or engineer who has met push-back from your broker on this issue, our November 2015 issue of ProNetwork News explains why:

I:  The Problem with Broker Verifications

The use of broker-verification questionnaires has been a growing trend seen most commonly in the context of construction insurance… Historically, a broker has satisfied this requirement through the production of a certificate of insurance or, if necessary, a copy of the policies themselves which demonstrate that the insured had the applicable coverage.  However, a number of project owners have recently been refusing to accept certificates alone and are requiring brokers to complete a questionnaire and verification, with the understanding that a failure to complete the questionnaire will cost the broker’s client the job.

The increasingly frequent use of such broker-verification questionnaires raises a number of legal issues for the broker.  The first issue deals with the broker’s authority to interpret the underlying policy between the insurer and the insured and whether a broker has the authority to confirm in writing whether a specific policy meets the requirements, not of the contract between the Owner and the insured but rather the requirements contained in the broker-verification questionnaires.  The second legal issue deals with the effect of a conflict between the underlying policy and the language of the questionnaire.  Specifically, what is the legal consequence when a broker completes a questionnaire that potentially contains conflicting language from the actual policy?  Finally, this opinion will analyze what risks and liabilities a broker is exposed to when completing  a questionnaire that contains language that is in conflict with  or amends, modifies, expands, etc. the underlying policy.

II:  Principles of Contract

Insurance is a matter of contract governed by the rules of contract. Unlike the ordinary commercial contract where the parties seek to ensure a commercial advantage for themselves, an insurance contract seeks to obtain some measure of financial security and protection against calamity for the insured.

Being a voluntary contract, as long as the terms and conditions made therefor are not unreasonable or in violation of legal rules and requirements, the parties may make it on such terms, and incorporate such provisions and conditions as they would see fit to adopt.  The rights and obligations of parties to an insurance contract are determined by the language of the contact and the insurance policy is the law between the parties unless the contractual provisions are contrary to public opinion or law.

III:  Role of the Broker

An insurance broker provides a professional service for the insured, its client and goes to the insurance market to determine what policy or policies best fit the needs of its clients.

Relevant distinctions exist between an insurance agent and an insurance broker.  Whereas an agent generally represents a particular insurance company, an insurance broker generally represents only the insured. Consequently, an insurance broker owes a duty to the insured and not the insurer. Continue reading “The Down-Low on Broker-Verification Questionnaires”

drone

They offer a bird’s eye view of construction sites. They provide breathtaking photographic opportunities for architects looking to showcase their work. And they’re fun to fly. However, while they may be intriguing tools for architects and engineers, drones open up the design firms that use them to many possibly unanticipated risks. These days, obtaining a drone is as simple as stopping at your local WalMart, but all drones are not created equal, nor are all drone pilots equally skilled and certified.

Victor O. Schinnerer’s Risk Management Blog recently offered an overview of this issue. Should your design firm use a drone in your administration of contracted services? Read on:

“Professional service firms have to be aware that the use of drones is not a simple transition in the process of observing the work on a project site. As with web cameras, drone cameras often produce far more images than are used in the evaluation of a project. If not properly denoted in a contract, the scope of the firm’s services could include the use of all the available images as part of the firm’s duty to observe and evaluate the project as part of construction contract administration duties.

“Additionally, while licensed drone operators are undoubtedly careful about having general liability insurance that protects others from their negligence in aerial activities, and follow the FAA’s rules and guidelines, many firms using drone photography are doing so as amateurs. Turning hobby activities into commercial uses is likely to be unlawful, dangerous, and uninsured.”

Continue reading Drone use can put firms at risk beyond their knowledge by Frank Musica

PNN_1411Which is better, more or less documentation in your project file after the job is complete? Despite recent advances in technology, document retention has become a difficult, expensive and complex proposition. Computers have changed design professionals’ work flows and methods, greatly increasing efficiencies, but also exponentially multiplying the volume of data; e-mails, attachments, drawing revisions, text and voice messages, not to mention folks are still sending faxes and letters, actual paper ones. All of this adds up and can become an unmanageable mess, even for the best of us.

Making decisions now about which project documents to keep and which to discard is like trying to pick who will win the Super Bowl in the year 2024. You never know which ones will be the most important until you are right in the middle of a claim. Experience and common sense tell us that there are certain documents that, no matter what, are probably safe bets to come in handy down the road. You may also be required by law or contract to keep certain records for certain time frames.

This article will offer suggestions on those categories of critical project documents necessary to defend claims, and which ones are better off being discarded as a matter of course after project completion. The question ultimately is framed as “what to keep and for how long?” Of course, these are only suggestions, and you should discuss implementation of any document retention program with your chosen legal and accounting advisors in your specific jurisdiction. Further, this article only addresses retention of construction project documents and not corporate, HR or tax records.

“Age of Discovery”

Modern construction projects, with all this data, are subject to modern lawsuits. These lawsuits are conducted by increasingly younger, tech savvy and sophisticated lawyers who sometimes make the litigation more about the discovery effort than about the facts of the case. Parties are allowed to submit detailed and specific “requests for production of documents” once in the lawsuit, or issue subpoenas to non-parties. State and federal court discovery rules could require parties to turn over copies of all information they have in their possession related to the project. Continue reading “Document Retention: More Paper or Paper-Less?”