The uptake of cloud computing among SMEs is rapidly growing. Services range from a single application delivered as Software as a Service (SaaS) to entire data centres being transitioned to the cloud using Infrastructure as a Service (IaaS). Outsourcing in some form is vital for many SMEs. However outsourcing also has its risks. We solve problems from early stage negotiations through to adapting established outsourcing agreements to make sure they are fit for purpose.
In an outsourcing context the services are typically provided on an ongoing basis, compared with a construction or design project where there is a pre-agreed end point following completion and handover.
Structuring outsourcing agreements
The simplest form of structure is an IT outsourcing agreement directly between the customer and the supplier of the services. But there can be added layers of complexity to work through.
Where the outsourcing arrangement is more complex a joint venture structure, whether corporate or contractual in nature, often gives the customer a greater degree of control. Like all joint ventures, the parties should consider ownership of intellectual property and exit provisions at the commencement of the collaboration.
Where any software is involved establishing ownership is crucial. Is code being developed or licensed? What happens to improvements? These base level ownership provisions are often forgotten in the eagerness to start the provision of services.
Transfer of assets
If a transfer of assets is anticipated, a separate transfer agreement may be negotiated. Or, in some cases, it is easier for the transfer arrangement to be covered in the outsourcing agreement itself. A transfer of assets will involve tax considerations – we can involve specialist teams to help with the process from start to close.
Contract terms – the fine print
The supplier may be agreeing to provide 99% network uptime but does this exclude delay as a result of third-party dependence for connectivity or obsolete client systems? Look at what is excluded as well as the list of services provided. Study the parameters of dependency, equipment/infrastructure and supply.
It will also pay in the long run to opt for a service provider with experience in your industry.
If the proposed supplier is not the main trading entity within its group, or does not have sufficient assets to meet its potential contractual liabilities then there are risks. In such circumstances we consider solutions such as a parent company guarantee. The advantage of a guarantee is that it offers a degree of protection if the supplier defaults under the outsourcing agreement. This will all depend on commercial bargaining power.
The right to step-in
An alternative solution could be a right to step-in. This allows the customer to step in and take over the outsourced operations if the supplier cannot or does not perform. Once the supplier is able to demonstrate that it will again be able to meet its contractual obligations, the customer steps out. Equivalent step-in rights can flow down through sub-contracts as well. This right is common in outsourcing agreements involving public authorities.
The events which can give rise to the right to step-in are not limited to the supplier’s contractual breach but can include no-fault triggers. Key terms to negotiate around a step-in clause include:
- the circumstances that constitute a trigger,
- how the right will be exercised exercise and operated, and
- the effect on outsourcing charges.
With the rise of cloud computing and with outsourced services increasingly provided through shared infrastructure and facilities with non-dedicated staff and third party technology, exercising traditional step-in rights can be more difficult and may not be appropriate. Rather than breach of contract (the typical step-in trigger) cloud-based outsourcing agreements may instead put more emphasis on enhanced customer monitoring, oversight and remediation, which can be managed by an independent third party.
Risks for customers can be avoided if you require that the supplier should remain liable for the acts and omissions of its subcontractors as if they were its own.
The customer may seek a contractual right to pay key subcontractors directly rather than via the supplier or to seek the assignment of key subcontracts to the customer – this often occurs if the supplier suffers a certain level of financial distress, which can often be linked to a decline in the credit-rating of the supplier. Another route is to consider a deed of indemnity from the original supplier direct to the customer for the acts and omissions of its selected subcontractor. The supplier should always think carefully about this. If the supplier intends to appoint subcontractors in multiple jurisdictions it will need to review the risks involved.
As a customer you should require prior notification of the selected subcontractor as a minimum. Preferably you should retain a right of veto over the use of particular subcontractors.
Data protection issues are a major cause of tension between customers and suppliers of outsourcing agreements. Issues are especially common in IT service and cloud-based contracts and usually revolve around:
- Distinctions between controllers and processors;
- Restrictions on data transfers; and
- Security obligations.
Unless contractual provisions provide clarity, a fact-finding exercise will reveal what role each party is taking with respect to the handling and control of data. Cross-warranties are not uncommon and special care has to be taken when data is likely to flow outside the EEA. This is particularly important for companies in a group with overseas entities.
Our specialist lawyers provide highly commercial, affordable advice and can draft, advise on, review or negotiate the right form of outsourcing agreement for you.