Considering outsourcing your IT infrastructure?

Must-have contractual protections to include in your outsourcing contracts

Most businesses across all industries are accelerating their digital transformation and more and more businesses of different sizes are planning to increase their use of IT outsourcing. While cost savings remain the main reason companies outsource, quality and technical competence are equally important.

However, these arrangements raise a number of legal issues for both suppliers and customers. Depending on the specifics of the outsourcing, the contracts may involve agreements for consulting, software development, licensing, implementation, and maintenance, among others. The following are just some of the issues that are of critical importance when negotiating IT outsourcing agreements.

Software delivery models
Where the outsourcing includes delivery of software it is crucial to consider how that software is to be provided. For many years now there have been a number of different software delivery models and it is important to ensure that the method utilised works for your business.

Some of the key delivery methods are on-premise (that is to say, the software will be installed on the infrastructure in your office) and software as a service (SaaS), where software is made available via the internet or cloud solutions, as well as platform as a service and infrastructure as a service.

Understanding the benefits and risks of the various delivery models is key to deciding which outsourcing is right for the business.

Software Licensing
Of particular importance in an IT outsourcing contract will be the clauses relating to intellectual property rights, especially those that relate to the customer’s use of existing third party software and to the ownership of, or rights to use, any software developed by the supplier in the course of providing the outsourced services.

For example, in relation to a software license enabling the customer to use software, the customer should consider whether the terms of the license are sufficient to allow the customer to actually use the licensed software for the intended purpose. If the customer will need to make improvements or other modifications to the licensed software, the customer should ensure the license terms allow for that.

Service Level Agreements
In situations where the supplier is to provide maintenance or other support, service-level agreements are important. Among other standards, these stipulate the times within which the supplier is contractually obligated to respond to requests to fix bugs and to actually fix the problem or deal with other problems that may arise. Often, the specified response time frames differ, depending on the severity of each problem.

Another way of measuring service levels is to measure the level of uptime (i.e. the amount of time during which the IT system is operational). This may be measured by time slot, with, for example, 99.5 percent availability required between the hours of 8 a.m. and 6 p.m., and more or less availability specified during other times.

Service-level agreements are helpful to both parties in that they function to achieve a mutual understanding on response times and what actions the supplier will take when problems are reported. The agreement may also specify liquidated damages to be payable when the supplier is late or otherwise fails to meet these obligations.

Exit Management
An exit management plan is essential in IT outsourcing contracts but it is often overlooked at the time when it should be given the most attention – during the formation of the contract. Without a well-drafted and robust exit plan, you may find that your business is without critical IT support during a transition period. The purpose of an exit management plan is to agree on a set of procedures on termination; it will deal with matters such as:

  • The continuation of provision of the services for the duration of the notice period and any run-off period.
  • The handing over or maintaining of complex computer systems.
  • The provision of information and know-how to the customer or a new supplier.
  • The preservation of continuity between the outgoing supplier and the new supplier (or the customer, if the services are taken back in-house) and general assistance and co-operation between the parties.

Security of data and IT networks
Unless the outsourcing covers the whole of the customer’s IT infrastructure, it is likely that the customer will remain responsible for the security of some of the IT system. However, when the customer outsources certain IT functions or uses a cloud computing model such as Software as a Service (SaaS), the customer no longer has control regarding the type and level of data security protections used by the supplier.

The loss of control regarding data security is problematic since any confidential and sensitive information the customer may have provided to the supplier will often be stored on, and accessible from, the supplier’s systems. If this confidential and sensitive information of the customer is disclosed by the supplier (for example, via a security breach), the customer is generally the one that is going to be responsible for and have to deal with any liability that arises from that data breach.

Security in this sense relates to matters such as the protection of network and information systems and checking for viruses, as opposed to the physical security of premises. Most outsourcing agreements will contain a data security clause setting out requirements which the supplier must comply with to ensure the security of that data, thereby providing sufficient contractual protections for the customer. This could include confidentiality requirements, ensuring that staff who are involved with handling such data have been properly vetted, and virus protection issues in relation to the IT systems.

Limitations of liability
As the supplier is the party providing the services, they are the party who is most keen to include a limitation of liability clause in the contract. Where services are critical to the operation of the business of the customer, the losses which the customer may incur if the supplier fails to provide the service may be significant. For that reason, the supplier will seek to limit its liability to the customer, whereas customers will be keen to ensure that any cap is set at a level to ensure they have a suitable remedy available. The caps and limits on liability in a contract are often hotly contested and a matter for negotiation between the parties.

How can we help?

These are but a few of the important issues that may need to be addressed in contracts that provide for IT outsourcing but there are many more. Of course, the issues of concern will vary, depending on the nature of what is being outsourced and the specific commercial concerns of the parties. For that reason, both customers and suppliers are encouraged to contact us to ensure they have a full understanding of the legal issues surrounding IT outsourcing.

For assistance with all aspects of your IT outsourcing contracts, please contact our commercial team.

Cesare McArdle
Partner, Commercial & Construction

This reflects the law and market position at the date of publication and is written as a general guide. It does not contain definitive legal advice, which should be sought in relation to a specific matter.
