Legal Guidance and Research / Experts / Craig Armstrong
Craig Armstrong#145
LinkedIn External

Craig Armstrong

Shoosmiths
Craig is an IT & Tech within Shoosmiths’ Commercial team and advises on a wide range of IT and sourcing matters across a wide range of industry sectors with a particular focus on the IT, financial services and retail sectors. Craig's diverse experience includes negotiating IT infrastructure and desktop outsourcings, ERP and CRM system procurements, complex IT-centric and business process outsourcings (both onshore and offshore), negotiating software implementation, licensing and support agreements, and advising on contractual arrangements relating to e-commerce trading platforms and co-branded financial services on behalf of financial institutions and retail partners. Craig also has niche expertise within financial services and advises on merchant acquiring, co-branded and affinity products, customer account value added services and other commercial contracts within the retail financial services sector. Craig is ITIL certified, the leading global best business practice for IT Service Management.

Practice Areas

Panels

  • Consulting Editorial Board
  • Contributing Author
  • Q&A Panel

Qualified Year

  • 2000

Membership

  • Society for Computers and Law

Education

  • University of Wales, Cardiff LLB, Law 1994 1997

3 Contributions by Craig Armstrong

PCI DSS v4.0.1 for UK lawyers: compliance, scope, enforcement and key contracting issues; interplay with UK GDPR, tokenisation, virtual cards and the PCI Software Security Framework
PRACTICE NOTES
PCI DSS v4.0.1 for UK lawyers: compliance, scope, enforcement and key contracting issues; interplay with UK GDPR, tokenisation, virtual cards and the PCI Software Security Framework
This Practice Note This Practice Note supports commercial practitioners advising merchants or their subcontractors. It outlines the Payment Card Industry Data Security Standards (PCI DSS), traces the origins of PCI DSS and the Payment Card Industry Security Standards Council (PCI SSC), sets out who is in scope, and distils its principles and requirements. It reviews compliance obligations and enforcement, including card scheme penalties, and how these align with UK privacy and data security laws and standards. Topics addressed include PIN Transaction Security (PTS), the Payment Application Data Security Standard (PA-DSS), tokenisation, and considerations for shared-hosting providers. It also highlights key contractual protections that merchants should obtain from service providers. The Note excludes sector-specific laws, practices, or PCI DSS duties relevant to financial institutions, merchant acquirers, payment processors, payment networks, and banks, as these are for specialists. For detailed sector guidance on payment services, see: Payment services and e-money—overview Payment systems—overview As Discover Financial Services and JCB International lack a material UK presence, the focus is on the approach of MasterCard, Visa and American Express...
Commercial
Precedent supplier‑favouring systems integration agreement (software, hardware, development, licensing, acceptance and maintenance) under the law of England and Wales
PRECEDENTS
Precedent supplier‑favouring systems integration agreement (software, hardware, development, licensing, acceptance and maintenance) under the law of England and Wales
This Agreement is entered into on [ date ] Parties [ insert name of supplier ], a company registered in [ England and Wales ] with number [ insert registered number ] and whose registered office is at [ insert address ] (Supplier); and [ insert name of customer ], a company registered in [ England and Wales ] with number [ insert registered number ] and whose registered office is at [ insert address ] (Customer). Each of the Supplier and the Customer is a party, and together the Supplier and the Customer are the parties. Background The Customer intends to procure software, [ hardware ], software configuration and development services, installation services, and other related services. The Customer has agreed to procure the Services from the Supplier, and the Supplier has agreed to provide the Services to the Customer on the terms and conditions of this Agreement. ...
TMT
Precedent systems integration agreement (pro-customer): software development, hardware supply, installation, acceptance testing, maintenance, service levels, IP assignment, data protection, escrow, step-in and change control (England and Wales law)
PRECEDENTS
Precedent systems integration agreement (pro-customer): software development, hardware supply, installation, acceptance testing, maintenance, service levels, IP assignment, data protection, escrow, step-in and change control (England and Wales law)
This Agreement is entered into on [ date ]. Parties [ insert name of supplier ], a company incorporated in [ England and Wales ] under number [ insert registered number ], whose registered office is at [ insert address ] (Supplier); and [ insert name of customer ], a company incorporated in [ England and Wales ] under number [ insert registered number ], whose registered office is at [ insert address ] (Customer). Each of the Supplier and the Customer is a party and, together, the Supplier and the Customer are the parties. Background (A) The Customer intends to obtain software, [ hardware ], software configuration and development services, installation services, and other associated services. The Supplier has stated to the Customer that it has expertise in delivering such services to clients within the [ insert relevant industry, eg retail ] sector. (B) The Customer has agreed to purchase the Services from the Supplier, and the Supplier has agreed to deliver the Services to the Customer in accordance with the terms and conditions of this Agreement...
TMT
Expert page AD
If you expected to see yourself on this page, click here.