Outsourcing IT – dealing with change and exercising control

Practical Law UK Articles 2-537-3545 (Approx. 16 pages)

Outsourcing IT – dealing with change and exercising control

by Linda Crow, Sherry Sheibani and Huw Beverley-Smith, Faegre Baker Daniels LLP

The current landscape

Pressure on traditional IT outsourcing continues to increase. In recent years, the growth of cloud based services has offered customers and suppliers greater flexibility and a broader range of options in procuring software applications, technology platforms and IT infrastructure as a service, without the attendant costs of maintaining dedicated systems.

Apart from the technologically driven shifts, the extent of the financial and business benefits of outsourcing IT continues to be tested, particularly where pricing models are outmoded or inflexible or where promises of transformational access to innovation are not realised. In recent years, highly publicised instances of IT system failure and large scale data breaches have also often been blamed (at least in part) on the fact that the IT functions in question have been outsourced.

The landscape is also influenced by political policies on a number of levels, for example:

Encouraging the repatriation of jobs to the US.
A desire to reduce the concentration of government spend on large IT projects in the UK.
Encouraging small and medium enterprises in the supply chain in the UK.

These factors have resulted in some significant and high-profile shifts in corporate and government policy. For example, in 2013, General Motors announced a policy to abandon its multibillion dollar outsourcing agreements (including that of most of their IT functions) and to in-source work with the construction of new data and innovation centres and the employment of approximately 10,000 IT professionals worldwide. In parallel, the UK Government has sought to limit its reliance on large single-supplier outsourcing projects and encourage adoption of cloud-based technology.

Such major changes in policy are likely to remain rare, but contract renegotiations are likely to continue to increase as a result of ongoing changes in political, economic, business and technological conditions.

If mechanisms which accommodate changes to the service agreement have not been put in place at the outset, effecting even minor alterations to the services can be a painful process. There can be many reasons for requesting services or pricing adjustments. While cost will be a primary factor, the reasons for the parties to seek early renegotiation can also include:

Change in circumstances of the customer resulting, for example from competitive pressures in the market or corporate acquisitions or divestments.
Changes in circumstances of the supplier, for example rapid expansion resulting in constraints on resources and/or pressures to meet sales targets and margins.
Rapidly changing or new/disruptive technology.
The supply of defective or less than optimal service.
Either or both of the parties feeling that the contract is not running as efficiently as it could be.
Misaligned expectations and general relationship issues.
A sub-optimal or expedited procurement process.

Reasonable expectations and predictability of dealings are key. Where the supplier and the customer do not understand each other's business models and objectives, requests for change can easily become contentious issues, particularly if either party is under increasing financial pressure and believes the relationship no longer fits with long-term business strategies. Change, by its nature, has a cost. The terms of the contract may be too rigid to deal with minor changes if, for example, minor operational changes to the specification are required or the methods of performance measurement are too complex, and the parties may find themselves having to effect change control procedures too often, or worse make informal changes to the agreement to bypass cumbersome contractual bureaucracy. These patterns of behaviour can have an adverse effect on the relationship and can ultimately lead the parties to resort to dispute resolution procedures. Customers need to manage suppliers carefully to avoid situations where a number of incremental changes result in scope and cost creep, or where the customer is faced with additional charges for services that can reasonably be included in the original service description. Equally, suppliers facing continued requests from customers for changes that have not been foreseen or costed (possibly due to poor articulation by the customer of its requirements) can see their margins being significantly eroded by multiple requests for minor changes or by speculative requests for change resulting in costly impact assessments, the costs of which may not be fully recoverable.

In today's economic climate the ability to deal efficiently with change is essential, particularly as both suppliers and customers often operate in an environment where new technologies constantly disrupt the existing state of affairs. Consideration of any cost savings and other opportunities the parties may benefit from through changes must include an assessment of additional protections should any such changes create further risks.

What should be outsourced?

The customer should consider:

What benefits are to be achieved from the IT outsourcing?
Which IT functions should be outsourced?
Which IT functions are ready to be outsourced immediately?
Which IT functions are not yet ready to be outsourced immediately, but which the customer may want to outsource in the future?

The customer should consider whether outsourcing some, or all, of the following will help it to achieve its broader IT, business continuity and security strategies:

Data centres.
Helpdesks and call centre support.
Desktop, voice and data networks.
Software and application support and maintenance.
Applications development.
Hardware repair.
Security monitoring.
System optimisation.
IT procurement management.
Contract and supplier management.
Project management.

The customer should examine (after assessing its existing in-house software, hardware, development and maintenance capabilities) whether certain IT services may be better kept in-house or whether IT functions may be outsourced to different suppliers rather than one supplier. Certain functions might be better suited to being outsourced to a cloud service provider who may be able to offer greater cost savings and be better equipped to deliver more up-to-date technology, with the added benefit of enabling the customer to control usage of the services to a greater extent and flex and scale the services to meet its business needs (although see below, Exercising control, regarding data issues in the cloud).

The customer may assess at the outset that a particular IT function is too important to outsource, or, if it does outsource a function, that particular mechanisms must be put in place to keep tighter control over that function. In some less business critical areas the supplier's superior knowledge and expertise can mean that the supplier will manage those functions better than the customer. The supplier and the customer should agree whether:

They all need the same amount of measuring and reporting.
They all need continuous improvement and, if so, whether they all require the same frequency and level of upgrade and investment.
The customer wants software and hardware to be refreshed regularly.
The customer is an "early adopter" of new technology and whether having the latest technology is important for every IT function outsourced (that is, whether the customer is in a sector where having the most up-to-date technology and being ahead of the curve will result in considerable gains over its competitors and/or win new business).

Equally if the latest technology will not give the customer any advantage over competitors, the customer may not want to pay a premium for new and supposedly better technology or suffer potential teething problems. The customer is likely to be wary of radical technological changes imposed upon them by the supplier that deliver the same functionality as already well-functioning existing technology.

Having a clear and precise knowledge of the scope and specification of the various in-house functions, and their associated total cost to the supplier, will give the customer greater insight into:

What it may be possible to outsource.
Where it can make savings.
What it requires from suppliers.

The customer may need to carry out internal due diligence before initiating the outsourcing project. Equally, the supplier will benefit from having clarity of scope of the client's requirements, as this will assist the supplier with agreeing a specification and determining its pricing strategy.

Single supplier versus multiple suppliers

The customer should consider whether it wishes to use a single supplier or outsource different functions to separate suppliers, which will depend in part on the reasons for outsourcing (whether for cost minimisation or access to specialist skills and technology). Whilst having more than one supplier reduces the risk of becoming overly reliant on any one supplier, and allows for competition between suppliers, it creates new risks principally in integrating the various suppliers and their functions. When considering what deal structure to use, the customer should take into consideration the background of the tendering suppliers and assess if any have greater expertise in particular IT functions. Some examples of issues which should be considered are discussed below.

Single supplier

The obvious benefit of using a single prime supplier is that the customer need not concern itself with "project managing" various suppliers and in particular will not have the same issues with retained risk and liability. However, a single supplier who is locked-in to a long-term contract may be less inclined to innovate and improve the services during the life of the agreement unless there are workable continuous improvement, technology refresh and benchmarking provisions that are carefully managed.

Even if using a single supplier, the customer cannot necessarily rid itself entirely of an IT or other business function. It will still require a management function to:

Monitor the supplier's performance in accordance with the contract.
Monitor any business driven changes in the customer's needs and liaise with the supplier to implement the necessary changes in the services.

Multiple suppliers

If the customer chooses to reduce its reliance on the supplier it can contract directly with multiple suppliers and achieve greater flexibility through different contractual terms with each supplier, including the ability to terminate certain services at different times if it requires.

Given the complexities of managing a multi-supplier relationship, the customer may wish to engage a third party to project manage the IT outsourcing and ongoing contract management. This does have the potential to erode any cost savings made, however, and the customer should factor that into the IT outsourcing as an add-on cost.

Problems can arise when co-ordinating multiple suppliers including the following:

The customer will have to deal with instances where a first supplier refuses to take on full liability for its own acts or omissions due to, what the first supplier asserts, are the acts or omissions of a second supplier. The customer must ensure it has put in place suitable provisions for instances where:
- a first supplier blames a second supplier for failing to deliver a dependency upon which the first supplier relies;
- a second supplier has allegedly provided defective service which has an impact on the first supplier's ability to provide its services.
Drafting for inter-supplier liabilities can be very complicated and provisions should be built into all parties' contracts. Even if suitably drafted, suppliers are likely to refuse to enter into contractual relationships with those other suppliers who are their competitors. If they do refuse, the customer should be aware that:
- if each supplier has no direct contractual relationship with the other suppliers, retained risk is a considerable problem for the customer where breach by one supplier impacts and affects another supplier. In such instances the first supplier may seek remediation directly against the customer if a second supplier has not delivered a dependency upon which the first supplier relies, and as a result the first supplier is unable to deliver its full service obligations and is consequently penalised by the customer;
- unless the contract is drafted correctly, the first supplier may in fact have no liability in the event of a disruption to its service delivery if it can prove that disruption is caused by a second supplier's service failure. The first supplier will not be in breach at all, and need not resume full service until the second supplier's failure is remedied, and the incentive to assist and co-operate with the customer will therefore be lacking for the first supplier.

Ensuring cost-effective delivery of the services

Throughout the term the supplier will want the ability to adjust the manner in which it delivers its services to ensure that it does so efficiently and cost-effectively to achieve its expected margins. This will require the customer relinquishing an element of control over the delivery of the services. To provide flexibility whilst providing the customer with protection, the description of the services must focus on the expected outcomes rather than dictate the manner in which those outcomes are achieved (for example, the customer should require the supplier to answer telephone calls within 30 seconds rather than specifying that the supplier needs 27 phone lines and 27 operatives).

Getting the best out of the technology

It is in both the supplier's and the customer's interest to allow the supplier to be able to take advantage of new technology as it develops. Both parties should consider the supplier's existing capabilities, the hardware and software used and the supplier's relationships with third party suppliers (particulalry cost savings that the supplier can achieve through its market position), as these can play a large part in the customer's choice of supplier.

Both parties should be looking for common denominators. For example, software licences are a major expense, and if the supplier has good pre-existing relationships with third party suppliers with whom the customer already does business, or is willing to do business, the customer can benefit from any economies of scale available where the software currently licensed is used by the supplier's existing customer base.

Generally, any overlap in third party suppliers between supplier and customer will facilitate a smoother transition of the services and is likely to reduce costs. The supplier and the customer should actively assist each other in assessing the customer's current needs and match those with the supplier's existing supply arrangements.

With respect to software licences and software maintenance in particular, the customer should consider the following:

If the customer wishes to specify which software is used and which licences are obtained, the supplier will likely require the customer to take on any related responsibilities and liabilities in respect of pricing and functionality. The customer should weigh up the benefits of allowing the supplier to both determine, and be liable for, the software used.
Issues can arise on termination for the customer in respect of software licences obtained via the supplier, particularly where the licensor is not the owner, and where the price of the licences may be dependent on the supplier's role as intermediary. The customer could find that once the supplier is terminated, it no longer has the ability use the software, or that a premium will need to be paid to the software owner/licensor for the change in licensee.
Depending on its position, and subject to any cost-effective alternative licensing arrangements that can be negotiated with any incoming supplier, when transitioning the services back in-house or to a new supplier, the customer should ensure that the licences will not immediately terminate and that the effect of terminating with the incumbent supplier will not be to the detriment of its relationship with the software licensor or affect the price of the licences.
If the customer presently enjoys the benefit of preferential pricing with a particular software licensor, the customer should be alert to any additional charges or more onerous terms imposed by the licensor on transferring to the customer's chosen IT outsourcing provider.
In the worst case scenario, the customer may find the licensor has the right to terminate rather than port the licence. In such an instance, and depending upon how pivotal the software is the customer must carefully consider how much it is prepared to pay on top of the outsourcing to retain/relinquish relationships and licences with existing preferred software suppliers/licensors and this will involve an analysis of how integral the software is in relation to its IT infrastructure as a whole.
To the extent that any software under a licence is maintained under a third party software maintenance agreement, the customer should consider whether it can easily terminate such agreements in the event that any software licence needs to terminate as a result of the IT outsourcing.
If existing software is transferring, it is advisable that any escrow agreements previously held by the customer are entered into by the supplier, as well as escrow being entered into in respect of any new software the supplier licences from a third party that the customer is reliant upon.
Further to the above, if the customer has any concerns about the financial stability of the supplier, it might require the supplier to enter into enhanced escrow arrangements involving more frequent and rigorous auditing and testing of the software (for example not just annually or whenever there is a new version, but with every new update or upgrade of the software). Obviously the customer will need to factor in the additional cost of requiring more frequent updates and deposit and the additional expense involved in requiring more regular interaction with the software by the escrow agent.

In some instances, traditional suppliers may find themselves competing against cloud suppliers, which can cause particular problems for the traditional IT outsourcing supplier, for example:

Traditional IT outsourcing suppliers may find the growth of cloud offerings potentially eroding their customer base and suppliers may choose to try to compete on price by integrating cloud-based elements into their solutions, whether by buying in extra capability or by subcontracting third party cloud suppliers. While this may enable the supplier to provide better pricing, it may significantly complicate an IT outsourcing supplier's existing delivery model and a customer must ensure that the supplier remains responsible for managing its own (cloud) suppliers.
If traditional IT outsourcing suppliers do choose to adopt cloud solutions as part of their service offerings, the customer may still prefer, depending on the type of IT function in question, pure cloud providers due to their greater experience and cost advantage. Again, the customer should consider carefully which suppliers have specialist expertise in respect of the particular IT function in question.

Use of subcontractors

Customers should seek to negotiate a satisfactory position in respect of the supplier's key subcontracts. The customer can mitigate the effects of supplier failure if it builds into the contract a right to enter into direct contracts with the supplier's subcontractors in the event of supplier default or certain insolvency-related triggers. This obviously limits the supplier’s ability to manage its own supply chain and therefore is often limited to sub-contracts that have particular financial or operational significance.

Benchmarking

Benchmarking provisions can provide a useful mechanism for the customer to request changes to the methodology of the pricing relative to the methodology of the service provision based on market norms (for a detailed discussion please see Benchmarking terms in outsourcing contracts: all pain and no gain or indispensable price protection tool?). While these introduce an element of flexibility and comfort for the customer, they must have "teeth", otherwise their use will be restricted to a negotiating tool only. The supplier will argue for them to be non-binding so that the customer cannot use them against the supplier going forward. Given the use of a third party benchmarker will incur costs (likely for both parties, as the supplier will want to be sure of the benchmarker's impartiality), the customer may seek to obtain market data from other readily available sources and the customer should check for any information it has available to it (at any time, not just during a benchmarking exercise).

Change control clauses

Determining where simple, small alterations of the services within the parameters of the existing contract will assist its smooth running over the longer term is not easy, but both parties should try to be as realistic as possible about their resources and financial capabilities. The parties should consider the following when drafting change control clauses:

Constant price uplifts for minor service changes may quite quickly mean the customer is no longer making the savings expected from outsourcing the IT function. Both customer and supplier should carefully consider when minor operational changes should be deemed significant enough to warrant a change control procedure being triggered and a potential price adjustment.
Broadly speaking, any change implemented in the ordinary course, such as minor development work, modifications and improvements contemplated at the time of contract signature, should not incur further fees, particularly if such change forms part of a contracted service improvement plan.
The parties should agree whether this includes adjustments to the services due to regulatory changes, and the precise allocation of responsibility for costs of general regulatory changes affecting all businesses and those which are specific to the customer will be keenly negotiated.

Exercising control

The parties should consider the following factors in determining the appropriate levels of control.

Adequate level of control

Both parties should seek to exercise appropriate levels of control over certain parts of the IT outsourcing (which may be a negative exercise of control, such as the ability to block the other party from doing or not doing something). Where a lack of adequate control is exercised by either party this can lead to:

Potential exposure to under-resourcing.
Inadequate risk allocation.
Spiralling costs.
Supplier service failure leading to the customer's business failure and damage to reputation on both sides (in the worst case scenario).

Assessing problem issues

Proper and full assessment of any problems stakeholders are currently encountering is important. The parties can only gain insight into which aspects of the IT outsourcing they should each be exercising greater control over if major stakeholders in the customer's business have input into the process and detail their particular requirements. The customer should consider, for example:

Whether some problems are too complicated to outsource and should be resolved before being handed over to a supplier- the old industry adage that a company cannot outsource a problem remains true.
Whether some areas of a customer's business are so critical to operations that the customer ought to not ever relinquish control over them, for example areas of risk management, customer management policies and pricing.
Retaining control over (and, where necessary, not allowing the supplier access to) certain proprietary information such as know-how, intellectual property, trade secrets and other confidential information.

Good governance principles

It is important the parties agree and put in place, maintain and rigorously apply good governance principles such as those that relate to:

The management of personnel.
Regular or periodic reporting by the supplier on the various deliverables and service level agreements.
Provision to the customer of all documentation required under the contract.
Regular meetings and review of the relationship by both the supplier and customer.

The parties should continue to meet at suitably frequent times depending upon the level of seniority of the persons involved. In this regard the parties should consider the following issues:

The supplier should be mindful that for a customer, not having enough control over their outsourced IT services, whilst being a problem in itself, also has the consequence that customers require more transparency about the services being provided. Customers may perceive, for example, that they do not have enough access to the necessary information to be able to make their outsourcings work more effectively for them, which can lead to frustrations for the customer.
Good governance procedures are vital to ensure that minor issues are identified as early as possible. Responsibilities should be clearly defined and decision making should be transparent. Both parties should be exercising control by ensuring good governance of their personnel at all levels.
Both parties must take any issues that may arise seriously, acting quickly and ensuring that problems are discussed at the most appropriate levels of both organisations. It is important for both parties that, once a problem is identified, there are clear and measured escalation procedures in place to deal with that problem, and if necessary they should be escalated up to a senior level inside both parties. Neither party will want to find itself in the position of having to urgently expedite a problem up to senior members due to failure at the lower levels to communicate with each other in the early stages of a problem. In the event that early resolution is not possible, escalation in advance of that problem becoming business critical is therefore very important.
Both parties should acknowledge that it is in their interest to ensure that problems with service delivery are discussed openly so both parties deal with those issues effectively and so that neither party feels the need to resort to termination.

Co-operation and collaboration

Unlike some other contractual arrangements, an IT outsourcing must involve a high degree of co-operation and collaboration between the parties, and the customer and the supplier's personnel may be working together on a regular, perhaps daily, basis. Particularly because of the high attrition rates amongst personnel of IT outsourcing companies, the customer will want assurances that:

All of the supplier's staff are suitably trained and that such training will be maintained throughout the life of the contract.
The supplier will give a certain amount of notice if there are to be any changes to key personnel.
The customer can be involved in the replacement of key personnel as they will be important to the ongoing success of the relationship, although the customer should be realistic about the supplier's staff wishing to progress their careers, or move jobs within the supplier's organisation.

In addition to ensuring normal governance procedures are in place, involving good management reporting, regular meetings between the parties, and the delivery of any service documentation and reports necessary to evaluate the quality of the service provision, the parties should also incorporate some form of IT governance framework to oversee, monitor and audit the IT leadership structure, business processes and compliance requirements (for example, to regularly review issues such as data protection, IT security and IT risk management). Evidence of the supplier's accreditation, or adherence to standards and certifications, such as those relating to information security standards, IT service management and business continuity can assist the customer in this regard.

Data protection and data security

Consideration of data protection and data security issues are very important at all times (for further details on data protection issues which arise on an outsourcing, see Data protection issues on an EU outsourcing and Data protection aspects in an outsourcing transaction). The outsourcing contract should clearly set out that both parties will abide by the provisions of applicable data privacy legislation. If the data is to transfer outside of the EEA, suitable assurances should be given by the supplier to the customer that it will only transfer data where there are adequate safeguards in place (for further details on cross-border transfers of personal data see Cross-border transfers of personal data). The customer may benefit from any arrangements the supplier has in place which assist with compliance under the law (for example, if the supplier has safe harbour arrangements in place with US counterparts or binding corporate rules in place with other entities in non-EEA third countries). A customer will be able to benefit from more flexibility and scalability by using the cloud, but particular concerns arise in respect of data and control of that data when it goes into the cloud. The parties should be aware of the following issues:

Even where cloud providers are themselves located inside the EEA, they may store data on servers outside the EEA. It may be practically infeasible for the customer to obtain the necessary consents from all its data subjects confirming that their data can be processed outside the EEA.
Cloud suppliers ordinarily are data processors, and the customer will ordinarily be considered the data controller. In certain circumstances, however, the customer may not have full "control" of the data if it uses a cloud supplier. For example, a cloud provider usually requires as standard that it be allowed to move data without notifying the customer:
- to effect disaster recovery plans;
- when it has capacity or storage issues and must move data to servers in different locations;
- if a group company structure change means a subsidiary of the cloud provider is re-located.
Notwithstanding the above, in general cloud providers take data protection and IT security issues very seriously and are likely to have adopted strict procedures and processes and should have taken considerable steps to ensure data is secure. However, the customer should ensure it understands what the supplier's position is on data protection and IT security very carefully. The customer should obtain assurances from the supplier in respect of steps it will take in the event of data breaches and data losses.

Exit management planning

The customer should be mindful that completely problem-free exit management planning requires perfect foresight, something neither party has when initially negotiating and drafting the contract. The customer should therefore seek to secure a suitably lengthy exit period to give it time to seek a new supplier (or multiple suppliers) or bring (part of) the services in-house in the event they wish to terminate, and an obligation should be placed on the supplier to co-operate with any incoming supplier or the customer's in-house team on exit. The customer should be aware that even though termination may seem like a solution to an immediate problem, it can be very difficult in practical terms.

Further to the above, whilst some agreements may happily continue throughout their term without the customer ever requesting any significant changes, it may be that the customer is forced to deal with the supplier's budgetary constraints or, in the worst case scenario, insolvency, as well as any resulting diminution in the quality of the services. In a variable economic climate, customers should be more wary of entering into a deal with a supplier who shows any signs of financial instability. In a 2013 survey prepared by HfS Research and commissioned by KPMG (State of the Outsourcing Industry 2013: Executive Findings, April 2013), 40% of respondents cited the financial stability of service providers as "mission critical" attributes. To that end customers need to know who actually owns the supplier. If the supplier is not self-sustaining, the customer should determine which third parties the supplier's financial standing is dependent upon (whether that be a parent company, a significant lender, or by way of shareholder loans) and ideally the customer should seek additional guarantees. Practically, taking back the services in-house or transitioning to a new supplier is a considerable upheaval, if even possible in a short space of time. The customer should monitor the supplier to check for any early warning signs of financial instability through monitoring financial health indicators such as credit ratings to the extent that such indicators can ever be truly representative of the supplier's current status given the inevitable time lag in reporting.

If the contract is terminating, the parties will need to agree additional terms to deal with transitioning the services (for example, effecting data and knowledge transfers in a suitable and accessible medium/format, as well as the return of any confidential information). These can be delivered either direct to the incoming supplier or to the customer as instructed. If not already provided for, the supplier should provide and the customer should agree to a suitable time and materials rate for any additional work which the supplier has to undertake post-termination.

The customer should be aware that, once it has given the supplier notice, it may find the supplier unhelpful in assisting the customer to plan the transition to a new service provider. This may cause difficulties for the customer as information the supplier has gathered over the course of the agreement may be particularly necessary to assist the new supplier. The customer needs to ensure the provisions relating to co-operation by the incumbent supplier on exit pre-empt problems that may arise (for example, over the transfer of data and necessary information pertinent to the services to a new third party). Where the two suppliers are running in tandem for any length of time there will be logistical implications of trying to ensure both parties work together effectively, as well as cost consequences for the customer the longer it needs to receive services from both parties. The customer should try to ensure that the incumbent is suitably monitored throughout the transitioning period and held to a reasonable timetable for transitioning the services.

Dealing with change

Change to price

Given that price tends to be a primary factor for a customer entering a deal with a particular supplier, providing for greater flexibility can prove critical to the success or failure of the parties' working relationship over the longer term, where tensions arise if the outsourcing is not proving to be cost effective for the customer or not providing sufficient margin for the supplier. After taking into account various considerations, each party should assess how they could structure their arrangements and where flexibility can be accommodated.

Price is important but it is obviously not the only reason why customers outsource. Exit can be costly and complicated, and deal renegotiation can involve as much complexity as the original negotiation. This should be borne in mind when negotiating the original deal.

The supplier may have had to incur considerable up-front costs and this is reflected in traditional outsourcing models which often involve relatively static pricing structures over long time periods with partial, or sometimes near total, lock-in. Termination for convenience should involve some element of penalty for the customer.

Rising labour costs, whether offshore or onshore, can mean a supplier's initial offering becomes less attractive for the customer over the term of the contract, but equally a locked-in price can make the deal less economically beneficial for the supplier. Both parties should consider:

Any request post-contract by the supplier to make unexpected changes to the service levels or charges will usually be resisted by the customer. The supplier will therefore need to justify and be accurate in presenting its proposed new costings and any uplifts.
Given the friction any changes can cause, the supplier must make sure it has assessed its future capability accurately at the outset, including taking into account any potentially unforeseeable additional or incidental services required to deliver to the specification and the possibility that labour market fluctuations could mean margins may diminish over the course of the term. Ideally the supplier should seek to ensure that there is scope for any changes to the price to be built into the contract so that the parties are prepared for such eventualities.

The customer should be aware that, unless there is a requirement to provide updated technology during the term of the agreement, the price of the outsourced services should reduce over time once the supplier has recouped its initial costs and technology costs decline, and the customer should establish exactly when adjustments to the services will trigger additional payments.

If the supplier finds it has been pushed to broaden service and has not implemented a change control, service scope creep can eventually make the deal financially unviable from the supplier's perspective, or the services may expand the provisioning beyond the supplier's expertise.

Change to the customer's economic stability

A customer may seek at the outset to negotiate certain clauses with a view to securing flexibility in the event of any change in its own future economic stability, structure, or service requirements. Alternatively, a customer may ask to renegotiate existing terms at any point due to changes in their economic circumstances which may not have been contemplated at the time of negotiation. In any event the supplier must be careful to make a full assessment of the consequences of allowing any change it had not provided for in its initial service offering.

IT outsourcing suppliers may have to contend with a number of factors, including:

A customer's business may contract, along with that customer's outsourcing needs.
A customer may make an acquisition of a business. Whilst this may be good news for the supplier, the agreement should anticipate the methodology for increased scope and pricing and allow time to extend the services.
In the EU, cross-border mergers are becoming more prevalent. Prior to the introduction of Directive 2005/56/EC on cross-border mergers of limited liability companies (Cross-border Mergers Directive), mergers were not on the radar of UK companies and were ignored in drafting change control provisions. The possibility for such a merger should now be considered at the outset.
A customer may sell a part of its business or group and the supplier may potentially need to continue to provide the services to the sold business/entity for a transitional period (that is, provide services to two separate customers under the same contract for a short period of time).

Change and its effect on risk/liability

Once the parties agree when a change control procedure will be triggered, and once changes have been agreed upon in principle, the parties should be careful to ensure that where any changes in services are requested, any changes in pricing and additional risk or liability which arise as a result of those changes are also considered and appropriately reflected in the agreement. For example:

Where either party has taken on greater or lesser liability, the liability caps may need adjustment.
It may be necessary to adjust the levels of insurance required by the parties.
The organisational structure of the customer may determine how any change control process should be dealt with and implemented (for example, whether the customer operates in a centralised way or whether it is more "federalised").
If the supplier has to enter into a new territory, the customer should make sure the supplier (or its local affiliate) has suitable expertise and knowledge of the regulatory challenges in that jurisdiction.
If the supplier is to provide new software or hardware, warranties and indemnities may need to be revisited.

Conclusion

We have covered only some of the issues which may arise for a customer and a supplier during the term of an IT outsourcing which will require the parties to consider how much flexibility and control they need to exercise at various times. Both customer and supplier should be aware that every IT outsourcing contract is different and one size does not fit all. The parties will require commercial, legal and technical input at every stage, and each of these teams must be careful to avoid working in a silo which may lead to the contract being drafted in a piecemeal fashion, such that it becomes unworkable and unenforceable. The parties need to ensure that the contract works as a whole, not just at the beginning, but throughout the term. They should make sure that whenever changes are considered the decision making process involves all relevant stakeholders and a 360 degree assessment of how well the contract is working, and how it can be improved to the benefit of all parties.

Online resources

Legislation.gov.uk

W www.legislation.gov.uk

Description. The website is managed by The National Archives on behalf of HM Government. It is the official website publishing all UK legislation as part of the remit of Her Majesty's Stationery Office (HMSO), part of The National Archives, and the Office of the Queen's Printer for Scotland.

Contributor profiles

Linda Crow, Partner

Faegre Baker Daniels LLP

Image 1 within Outsourcing IT – dealing with change and exercising control

T +44 (0) 20 7450 4531
F +44 (0) 20 7450 4545
E [email protected]
W www.faegreBD.com

Professional qualifications. LLB (Hons), University of the West of England, 1986

Areas of practice. Corporate; international; food & agriculture.

Recent transactions

Representing public companies listed on the London Stock Exchange main market and its junior market AIM, as well as companies listed on the NYSE and NASDAQ.
Advised FleetCor on the outsourcing by Royal Dutch Shell plc (Shell), a global group of energy and petrochemical companies, of its commercial fuelcards business across 34 countries.
Advised listed US company on the outsourcing of business process operations.

Professional associations/memberships.

Law Society of England and Wales.
Women's Law Network.

Publications.

Outsourcing IT – Dealing with Change and Exercising Control, Practical Law Outsourcing Guide, first published September 2013 (joint author).
US Food Importers Face Tougher Rules After New Act, Food Manufacture Magazine, November 2012.
Hurdles Across the Border, Financial Times, September 2012.

Sherry Sheibani, Associate

Faegre Baker Daniels LLP

T +44 (0) 20 7450 4563
F +44 (0) 20 7450 4545
E [email protected]
W www.faegreBD.com

Professional qualifications. BSc (Hons), London School of Economics & Political Science, 2002

Areas of practice. Corporate; commercial; international.

Professional associations/memberships.

Law Society of England and Wales.
British Iranian Lawyers Association.

Publications.

The Five Habits of Highly Successful Franchisors, Freshbusinessthinking.com, 2009.
Doing Business in the Middle East, International Trade magazine, 2009.

Huw Beverley-Smith, Partner

Faegre Baker Daniels LLP

Image 2 within Outsourcing IT – dealing with change and exercising control

T+44 (0) 20 7450 4551
F  +44 (0) 20 7450 4545
E [email protected] 
W www.faegreBD.com

Professional qualifications. LLB, PhD (Wales), Solicitor

Areas of practice. Technology transactions, outsourcing and data privacy.

Professional associations/memberships. Law Society of England and Wales

Publications

The Commercial Appropriation of Personality (Cambridge University Press 2002) and Peking University Press (2007) (Mandarin translation).
Privacy, Property and Personality (with A Ohly and A Lucas-Schloetter) (Cambridge University Press 2005).
Assistant Editor, Copinger and Skone James on Copyright (14th ed Sweet & Maxwell 1999).
Contributor to Outsourcing Law and Practice (Law Society, 2010).

Outsourcing IT – dealing with change and exercising control | Practical Law