Considering outsourcing your IT infrastructure?

Sep 23, 2021

Must have contractual protections to include in your outsourcing contracts

Most businesses across all industries are accelerating their digital transformation and more and more businesses of different sizes are planning to increase their use of IT outsourcing. While cost savings remain the main reason companies outsource, quality and technical competence are equally important.

However, these arrangements raise a number of legal issues for both suppliers and customers. Depending on the specifics of the outsourcing, the contracts may involve agreements for consulting, software development, licensing, implementation, and maintenance, among others. The following are just some of the issues that are of critical importance when negotiating IT outsourcing agreements.

Software delivery models

Where the outsourcing includes delivery of software it is crucial to consider how that software is to be provided. For many years now there have been a number of different software delivery models and it is important to ensure that the method utilised works for your business.

Some of the key delivery methods are on-premise (that is to say software will be installed on the infrastructure in your office), software as a service (SaaS) where software is made available via the internet or cloud solutions as well as platform as a service and infrastructure as a service.

Understanding the benefits and risks of the various delivery models is key to deciding which outsourcing is right for the business.

Software Licensing

Of particular importance in an IT outsourcing contract will be the clauses relating to intellectual property rights, especially those that relate to the customer’s use of existing third party software and to the ownership of, or rights to use, any software developed by the supplier in the course of providing the outsourced services.

For example, in relation to a software license enabling the customer to use software, the customer should consider whether the terms of the license are sufficient to allow the customer to actually use the licensed software for the intended purpose. If the customer will need to make improvements or other modifications to the licensed software, the customer should ensure the license terms allow for that.

Service level Agreements

In situations where the supplier is to provide maintenance or other support, service-level agreements are important. Among other standards, these stipulate the times within which the supplier is contractually obligated to respond to requests to fix bugs and to actually fix the problem or deal with other problems that may arise. Often, the specified response time frames differ, depending on the severity of each problem.

Another way of measuring service levels is to measure the level of uptime (i.e. the amount of time during which the IT system is operational). This may be measured by time slot, with, for example, 99.5 percent availability required between the hours of 8 a.m. and 6 p.m., and more or less availability specified during other times.

Service-level agreements are helpful to both parties in that they function to achieve a mutual understanding on response times and what actions the supplier will take when problems are reported. The agreement may also specify liquidated damages to be payable when the supplier is late or otherwise fails to meet these obligations.

Exit Management

An exit management plan is essential in IT outsourcing contracts but it is often overlooked at the time when it should be given the most attention – during the formation of the contract. Without a well drafted and robust exit plan, you may find that your business is without critical IT support during a transition period. The purpose of an exit management plan is to agree on a set of procedures on termination and will deal with matters such as:

  • The continuation of provision of the services for the duration of the notice period and any run-off period.
  • The handing over or maintaining complex computer systems.
  • The provision of information and know-how to the customer or a new supplier.
  • The preservation of continuity between the outgoing supplier and the new supplier (or the customer, if the services are taken back in-house) and general assistance and co-operation between the parties.

Security of data and IT networks

Unless the outsourcing covers the whole of the customer’s IT infrastructure, it is likely that the customer will remain responsible for the security for some of the IT system. However, when the customer outsources certain IT functions or uses a cloud computing model such as Software as a Service (SaaS), the customer no longer has control regarding the type and level of data security protections used by the supplier.

The loss of control regarding data security is problematic since any confidential and sensitive information the customer may have provided to the supplier will often be stored on, and accessible from, the supplier’s systems. If this confidential and sensitive information of the customer is disclosed by the supplier (for example, via a security breach), the customer is generally the one that is going to be responsible for and have to deal with any liability that arises from that data breach.

Security in this sense relates to matters such as the protection of network and information systems and checking for viruses, as opposed to the physical security of premises. Most outsourcing agreements will contain a data security clause setting out requirements which the supplier must comply with to ensure the security of that data, thereby providing sufficient contractual protections for the customer. This could include confidentiality requirements, ensuring that staff who are involved with handling such data have been properly vetted and virus protection issues in relation to the IT systems.

Limitations of liability

As the supplier is the party providing the services they are the party who is most keen to include a limitation of liability clause in the contract. Where services are critical to the operation of the business of the customer, the losses which the customer may incur if the supplier fails to provide the service may be significant. For that reason, the supplier will seek to limit its liability to the customer whereas customers will be keen to ensure that any cap is set at a level to ensure they have a suitable remedy available. What the caps and limits on liability are in a contract are often hotly contested and a matter for negotiation between the parties.

How can we help?

These are but a few of the important issues that may need to be addressed in contracts that provide for IT outsourcing but there are many more. Of course, the issues of concern will vary, depending on the nature of what is being outsourced and the specific commercial concerns of the parties. For that reason, both customers and suppliers are encouraged to contact us to ensure they have a full understanding of the legal issues surrounding IT outsourcing.

For assistance with all aspects of your IT outsourcing contracts, please contact Mark Chapman or Cesare McArdle on 01276 686222 or via email: mark.chapman@herrington-carmichael.com or Cesare.Mcardle@herrington-carmichael.com.

This reflects the law at the date of publication and is written as a general guide. It does not contain definitive legal advice, which should be sought as appropriate in relation to your own particular matter before action is taken.

Mark Chapman

Mark Chapman

Partner, Corporate and Commercial Law

Cesare McArdle

Cesare McArdle

Senior Solicitor, Commercial and Construction Law

Sign up

Enter your email address for legal updates on Corporate and Commercial law.

Please see our privacy policy regarding use of your data.

Contact us

    The information you submit will be handled in accordance with our privacy policy.

    Latest Articles


    The Legal Room UK Podcast features a diverse range of specialists offering expertise on a variety of topics. 
    Subscribe on whatever podcast platform you use.

    Top Legal Insights


    Contract Law

    Material Breach of Contract

    What is a ‘material’ breach of contract by a party to a commercial contract? This is a critical issue regularly considered by the courts. What constitutes a material breach and what are the remedies?

    Property Law

    Commercial Lease: The Financial impact on Landlord and Tenant

    Coronavirus (COVID-19) and the restrictions now in place to control its spread, are having a significant effect on many business sectors.

    Divorce and Family Law

    Divorce in Lockdown: Can I get some discreet legal advice?

    We have spoken to clients who are unfortunately experiencing some family issues, and would like to obtain expert legal advice, yet don’t know how...

    Land & Property Dispute

    Restrictive Covenants – The Price of Modification

    Having identified that your land is burdened by a restrictive covenant and for the purposes of this article the covenant in question will be that only one residential building can be erected on the land. What do you do next?

    Wills, Trusts and Probate

    Why is having a will so important?

    It is entirely up to you if and when you want to create a Will, but it is important to be aware of the consequences of not having a Will.

    Award winning legal advice

    We are solicitors in Camberley, Wokingham and London. In 2019, Herrington Carmichael won ‘Property Law Firm of the Year’ at the Thames Valley Business Magazines Property Awards, ‘Best Medium Sized Business’ at the Surrey Heath Business Awards and we were named IR Global’s ‘Member of the Year’. We are ranked as a Leading Firm 2020 by Legal 500 and Alistair McArthur is ranked in Chambers 2020.


    60 St Martins Lane, Covent Garden, London WC2N 4JS 

    +44 (0) 203 755 0557



    Building 2  Watchmoor Park, Riverside Way, Camberley, Surrey  GU15 3YL

    +44 (0)1276 686 222


    Wokingham (Appointment only)

    4 The Courtyard, Denmark Street, Wokingham, Berkshire RG40 2AZ

    +44 (0)118 977 4045


    © 2021 Herrington Carmichael LLP. Registered in England and Wales company number OC322293.

    Herrington Carmichael LLP is authorised and regulated by the Solicitors Regulation Authority.

    Privacy Policy   |   Legal Notices, T&Cs, Complaints Resolution   |   Cookies

    Client Feedback   |   Diversity Data