Outsourcing Agreements

The uptake of cloud computing among SMEs is rapidly growing. Services range from a single application delivered as Software as a Service (SaaS) to entire data centres being transitioned to the cloud using Infrastructure as a Service (IaaS). Outsourcing in some form is vital for many SMEs. However outsourcing also has its risks.

We solve problems from early stage negotiations through to adapting established outsourcing agreements to make sure they are fit for purpose.

In an outsourcing context the services are typically provided on an ongoing basis, compared with a construction or design project where there is a pre-agreed end point following completion and handover.

Key points for an Outscourcing Agreement

From experience, the following will always be important :-

• Structure – the simplest form of structure is an IT outsourcing agreement directly between the customer and the supplier of the services.  But there can be added layers of complexity to work through.
• Risk – where the outsourcing arrangement is more complex a joint venture structure, whether corporate or contractual in nature, often gives the customer a greater degree of control. Like all joint ventures, the parties should consider ownership of intellectual property and exit provisions at the commencement of the collaboration.
• Protecting Intellectual property – where any software is involved establishing ownership is crucial. Is code being developed or licensed? What happens to improvements? These base level ownership provisions are often forgotten in the eagerness to start the provision of services.
• Transfer of assets – If a transfer of assets is anticipated, a separate transfer agreement may be negotiated. Or, in some cases, it is easier for the transfer arrangement to be covered in the outsourcing agreement itself. A transfer of assets will involve tax considerations – we can involve specialist teams to help with the process from start to close.
• Supplier status – If the proposed supplier is not the main trading entity within its group, or does not have sufficient assets to meet its potential contractual liabilities then there are risks. In such circumstances we consider solutions such as a parent company guarantee. The advantage of a guarantee is that it offers a degree of protection if the supplier defaults under the outsourcing agreement. This will all depend on commercial bargaining power.
• Step In rights – allows the customer to step in and take over the outsourced operations if the supplier cannot or does not perform. Once the supplier is able to demonstrate that it will again be able to meet its contractual obligations, the customer steps out. Equivalent step-in rights can flow down through sub-contracts as well. This right is common in outsourcing agreements involving public authorities. The events which can give rise to the right to step-in are not limited to the supplier’s contractual breach but can include no-fault triggers.
• Independent monitoring – with the rise of cloud computing and with outsourced services increasingly provided through shared infrastructure and facilities with non-dedicated staff and third party technology, exercising traditional step-in rights can be more difficult and may not be appropriate. Rather than breach of contract (the typical step-in trigger) cloud-based outsourcing agreements may instead put more emphasis on enhanced customer monitoring, oversight and remediation, which can be managed by an independent third party.
• Multi-jurisdictional issues – Risks for customers can be avoided if you require that the supplier should remain liable for the acts and omissions of any permitted subcontractors as if they were its own. The supplier should always think carefully if intending to appoint subcontractors in multiple jurisdictions it there will be risks involved. Solutions can involve the customer having a veto over use of sub-contractors, a contractual right to pay key subcontractors directly or an indemnity from the supplier to the customer for the acts and omissions of subcontractors.

Data protection

Data protection issues are a major cause of tension between customers and suppliers of outsourcing agreements. Issues are especially common in IT service and cloud-based contracts and usually revolve around:

• Distinctions between controllers and processors;
• Restrictions on data transfers; and
• Security obligations.

Unless contractual provisions provide clarity, a fact-finding exercise will reveal what role each party is taking with respect to the handling and control of data. Cross-warranties are not uncommon and special care has to be taken when data is likely to flow outside the EEA. This is particularly important for companies in a group with overseas entities.

Our specialist lawyers provide highly commercial, affordable advice and can draft, advise on, review or negotiate the right form of outsourcing agreement for you.