Module_5

MODULE 5

TECHNOLOGY OUTSOURCING AGREEMENTS- KEY
PROVISIONS AND ISSUES

5.1 MEANING OF INFORMATION TECHNOLOGY
OUTSOURCING

The practice of engaging third party resources from outside of an
organization, either locally or internationally, to handle certain information
technology functions of the company such as web development, software
and application development, web hosting, website maintenance and/or
management, database development and management, technical support,
telecommunications, and infrastructure management, among various other
information technology functions, is called Information Technology or IT
outsourcing.1 Some other IT services which are most commonly
outsourced include data centre management, help desk, independent
testing and validation, systems integration, security, research and
development, and cloud computing. IT outsourcing is also defined as
“subcontracting all or part of the IT functions of a company to an external
outsourcing vendor”2.

1 ‘What is Outsourcing? IT Outsourcing Types, Models, Benefits, and Examples’ (Daxx, 12 December 2016)
https://www.daxx.com/blog/development-trends/what-is-outsourcing-benefits-of-outsourcing#2-what-is-it-
outsourcing accessed 19 January 2019
2 K. Altinkemer, A. Chaturvedi & R. Gulati, ‘Information Systems and Outsourcing: Issues and Evidence’
(1994) 4(14) IJIM 252-268

1

5.2 WHAT ARE TECHNOLOGY OUTSOURCING
AGREEMENTS?

A legally enforceable agreement which establishes the outsourcing
relationship between the company outsourcing its IT services (also known
as service receiver) and the external vendor (also known as service
provider), and outlines their respective rights and liabilities, is termed as
an Information Technology outsourcing agreement.

5.3 TYPES

Most popular types of IT outsourcing contracts include:3

5.3.1 Complete Outsourcing

In a complete outsourcing agreement, the whole IT function of an
enterprise, including its existing IT assets (IT equipment and software) and
IT personnel, are transferred from the company outsourcing its IT services,
to the external vendor. A complete outsourcing agreement is usually for a
long term, whereby the outsourcing vendor carries all the risks and
responsibilities of providing IT services to its outsourcing customer. Thus,
in this kind of arrangement, the IT functions of a company in its entirety,
is treated as a market commodity.

3 Matthew K. O. Lee, ‘IT Outsourcing Contracts: Practical Issues for Management’ (IT Dept, City University
Hong Kong) https://pdfs.semanticscholar.org/3bab/7b64d598f13acb81b2299e4aefa230b4d109.pdf accessed 19
January 2019

2

5.3.2 Facilities Management

Facilities management involves the outsourcing vendor taking over the IT
operations of the outsourcing customer, at the premises of the customer. In
this kind of arrangement, the outsourcing vendor either provides necessary
human resources for management of the client’s IT functions, or, transfers
the existing IT employees of the client onto its payroll, who then continue
to operate and manage the customer’s IT functions under the direction and
control of the external outsourcing vendor. Facilities management gained
popularity in the 1980s following a dire shortage of skilled and technically
proficient IT professionals.

5.3.3 Remote Computing Services

The most popular model of IT outsourcing, remote computing services
involves provision of IT services remotely from the external vendor’s data
processing facility to the outsourcing customer, wherein the vendor either
buys/assumes lease for the customer’s existing IT equipment; or sells
off/terminates leases for such equipment. It is termed as ‘remote
computing’ since the outsourcing vendor’s data centre is located away
from the customer’s premises.

5.3.4 Systems Integration Outsourcing

This is a type of IT outsourcing model which involves interconnectivity
among IT systems of several organizations. In systems integration
outsourcing, the outsourcing customer hires a single outsourcing vendor to
handle the installation and operations management of the customer’s

3

‘multi-vendor heterogeneous’ IT infrastructure, in a manner such that the
resultant IT system is integrated and interlinked with the IT structures of
several different organizations.

5.4 KEY CLAUSES

Key provisions of a well drafted IT outsourcing agreement include:4

• Scope of services: this provision must lay down a detailed
description of the scope of the outsourcing services to be provided. It
must include the details of the IT functions to be performed. The
provision must also specify the manner of performance of such
outsourced services, and outline details regarding the actions and
responsibilities of the parties in the performance of outsourcing,
inputs to be used, systems to be used for completion of the work,
location of the systems proposed to be used, access to such systems,
software to be used to complete the work, and the mode of
accessibility by the customer. For instance, details as to whether
cloud computing will be used to facilitate access by the customer,
and if not, the alternative modes of accessibility.

• Dates of agreement: this clause should specify the effective date of
commencement and conclusion of the IT outsourcing agreement. If
the date for commencement of provision of outsourced services is
not the same as the effective date of commencement of the
agreement, the same must be clearly stated. This clause must also

4 ‘What Should be Included in an Outsourcing Agreement’ (CPA Australia, 2016)
https://www.cpaaustralia.com.au/~/media/corporate/allfiles/document/professional-resources/public-
practice/outsourcing-checklist-what-should-be-included-outsourcing-agreement.docx?la=en accessed 20
January 2019

4

provide for extension of the agreement, whereby the agreement may
be extended for an additional term on expiration of the original term,
upon mutual agreement between the customer and the vendor.
• Variation in services: this clause details the procedure for accepting
changes/variations in outsourcing service requests, including
specifics of changes in the services to be provided, corresponding
changes in the pricing model, variations in the process, and changes
to allocation of resources.
• Termination of services: the termination clause must clearly
delineate the conditions or circumstances under which the IT
outsourcing agreement may be terminated. Specific guidelines must
be laid down as to what constitutes ‘circumstances’, for instance,
non-fulfilment of or deviation from service level standards,
insolvency of the outsourcing vendor, change in management of
either party, or non-performance of the contract. Further, the
termination clause must also set forth post-termination
responsibilities/obligations of the outsourcing vendor. Some
examples of post-termination assistance from the vendor includes
turning over of data processing operations and procedural know-how
to the new outsourcing vendor; assisting the new vendor in
reviewing all system software libraries; helping the new outsourcing
vendor to analyse the requisite amount of space for the client’s
databases and system software libraries; turning over of vital
telecommunications network links to the new vendor; notifying the
new service provider of any naming conventions used; and
answering service related queries on a “need to know” basis for a
pre-defined time period post-termination of the agreement.

5

• Pricing and fee structure: the pricing structure must clearly spell
out every aspect of the pricing model such as, the initial set-up fee
for start of the service including the scope of such fees, security
bonds, ongoing fees and disbursements for work to be performed as
per the agreement, employee on-costs, employee entitlements,
miscellaneous expenses, foreign exchange, overseas taxation
including any GST provisions.

• Terms of payment: this provision must lay down strict guidelines
regarding the payment terms, requisite deposits, terms and
conditions of late payment and late fees, penalties for non-
performance of required service levels, terms of contract termination
and disengagement, and, provisions regarding contract reward and
penalty considerations.

• Warranties: the outsourcing vendor must warrant providing
complete and accurate information, true to the best of his
knowledge, to the client; and a consistent and professional delivery
of high quality service in a timely manner. The clause must lay
down a warranty period during which client may demand rework or
added services, and its implications on fees. It must also provide a
detailed set of terms and conditions for requesting revision of
services after the warranty period, and the corresponding variations
in fees.

• Obligations of the outsourcing vendor: the agreement should lay
down all the duties and obligations of the external vendor in this
provision, such as full disclosure of relevant information and data,
adhering to expected service levels, monitoring, delivery of mutually

6

agreed volumes of work, maintaining confidentiality, post-
termination assistance et cetera.
• Obligations of the outsourcing customer: this provision should
outline the responsibilities of the outsourcing client such as detailing
the specifications of services to be provided by the vendor,
providing access to necessary data and information to the vendor,
specifying expected level of performance, performance reviews
through regular progress meetings and reports, assisting in migration
of IT equipment to the vendor’s data centre et cetera.
• Communications: the communications clause lays down clear
guidelines regarding procedures for ongoing and regular
communications between parties to the contract; relationship
management process including procedures for performance reviews;
and, the requirement for appointing executives from both parties
who are to handle, address and resolve all communications and
queries pertaining to the outsourced services.
• Data retention: this clause should specify details of ownership of
documents and records relating to the outsourcing services;
procedures for transmission, exchange or access of relevant data;
and, terms and conditions of data retention by the outsourcing
vendor.
• Confidentiality: the IT outsourcing agreement must clearly delineate
provisions regarding management of data confidentiality and
privacy. The confidentiality clause should lay down responsibilities
and obligations of either parties to keep information pertaining to
both parties’ businesses and this agreement, including their
correspondence details confidential and private. It should lay down

7

procedures for communicating with third parties; permitting
applicable professional bodies to access documentation pertaining to
the IT outsourcing services; and, ensure compliance with applicable
privacy laws of the concerned jurisdiction.
• Data security: the IT outsourcing agreement must provide detailed
provisions regarding data protection and security, such as,
requirement of the data to be free from any virus, spyware, malware
and other forms of security threats; adoption of requisite data
security measures such as anti-virus installations and a rigorous
monitoring process; implementing adequate data access controls;
and details of data storage locations, along with mode of access of
such locations especially if data is stored on the Cloud and existing
safeguards and restrictions.
• Non-compete clause: this clause provides that the outsourcing
customer refrain from engaging any new outsourcing vendor to
outsource its IT services during the term of this agreement.
• Miscellaneous: the miscellaneous provision may possibly cover
issues like terms and conditions of using other external entities such
as actuaries, auditors; provide insurance and indemnity details; and,
lay down clear procedures regarding changes in ownership or
business structure.
• Dispute resolution: the dispute resolution clause must provide
escalation procedures for disputes that may arise between the parties
to the contract, along with preferred dispute resolution mechanisms,
governing law and jurisdiction clause.

8

5.5. BENEFITS

IT outsourcing has several benefits. Some of them are as follows:5

• Cost reduction: one of the most compelling drivers to outsource IT
services is reduction in costs and control of expenses. By
outsourcing their IT services, businesses benefit from reduced labour
costs, cheaper infrastructure and tax advantages in the outsourcing
location6. Further, businesses that choose not to outsource IT
services but operate it internally, incur fixed expenses, as opposed to
businesses that outsource their IT services (whether offshore or
onshore), that are able to convert these fixed costs into variable
costs, thus freeing up capital for use in other areas of operations that
directly generate more revenues. Therefore, outsourcing information
technology services helps a company control its capital expenditures.
Also, when a business carries out all of its operational activities
internally, the expenses are passed on to the customers. Thus,
outsourcing any aspect of its operation, such as IT services to an
MSP (Management/Managed Services Provider) helps reduce some
of the expenses, enabling the business to gain a competitive
advantage with regards to pricing of goods and services.

• Access to global talent: outsourcing a company’s IT services to a
qualified MSP ensures access to a global pool of talented
professionals with superior technical knowledge and know-how of

5 Samantha Gluck, ‘Benefits v. Risks of Outsourcing IT Services’ (Chron)
https://smallbusiness.chron.com/benefits-vs-risks-outsourcing-services-2504.html accessed 19 January 2019
6 Daxx Team, ‘What is Outsourcing? IT Outsourcing Types, Models, Benefits, and Examples’ (DAXX)
https://www.daxx.com/blog/development-trends/what-is-outsourcing-benefits-of-outsourcing accessed 19
January 2019

9

the latest technologies and trends. Further, the rigorous hiring
process of MSPs ensures that their IT professionals are well versed
with tried and tested methodologies as well as latest technological
skills and procedures.
• Saves time: when a company outsources its IT services to an
external vendor or an MSP instead of spending resources in building
an inhouse IT team, it saves a significant amount of time, which
would otherwise be expended on activities like advertising,
interviewing, selecting and training new inhouse IT employees.
• Increased productivity: outsourcing information technology services
to an expert third party vendor, or a professional MSP, helps a
company focus on its core competencies and further its core business
goals and objectives/missions, without spending too much time and
resources on non-core activities. For instance, in a law firm, core
competency of the business is legal services, and non-core services
is IT services. Thus, outsourcing of its IT services will increase the
productivity of the business, ensure an uninterrupted workflow and
help the business upscale fast.
• Monitoring: monitoring the IT environment of a business becomes
much more feasible, easier and convenient when a company
outsources its IT services to a qualified MSP or an expert outside
vendor. Since these third party agents have adequate resources and
tools to foresee any serious IT breaches, and expert professionals to
fix any security threats, they can help avoid downtime. Further, the
outsourcing service providers also advise on necessary IT
infrastructure upgrades, data backups, software updates, anti-virus
updates and inventory auditing; and can easily detect and rectify

10

backup and hardware failures, software crashes, spyware intrusions,
database corruptions, and virus attacks, thereby carefully monitoring
and minimizing risks to maintain a healthy and fully-functioning IT
environment of an outsourcing service receiver.7

5.6. ISSUES

Potential issues which may arise out of an IT outsourcing agreement are as
follows:8

5.6.1 Migration of data processing operations

If an IT outsourcing agreement opts for remote computing services, IT
equipment from the customer’s data processing facility requires to be
transferred to the vendor’s data centre. This could give rise to several risks
in the transition process such as differences in systems configuration,
incompatible operating system or a malfunctioning hardware platform. To
mitigate such risks, a ‘migration project plan’ must be agreed on by both
parties which should contain detailed procedures for transfer of, or
migration of IT equipment from the customer’s site to the vendor’s
facility, in a phased manner, along with safeguards to minimize risks
related to systems migration. For instance, the migration project plan may
provide for ‘parallel operations’ wherein prior to the final cutover to the
vendor’s data centre, IT functions would be operated at both the vendor’s
and client’s respective data facilities for a predefined transition period to

7 Andrea Brito-Amador, ‘The Top 7 Benefits of Outsourcing Your IT Department’ (Nexustek)
https://www.nexustek.com/blog/the-top-7-benefits-of-outsourcing-your-it-department-2/ accessed 19 January
2019
8 David Hayes, ‘Advanced Issues in Outsourcing Agreements’ (Fenwick &West LLP, 2003)
https://www.fenwick.com/FenwickDocuments/Outsourcing_Agreement.pdf accessed 20 January 2019

11

ensure that the newly installed and configured IT system at the vendor’s is
producing identical data processing results as that of the customer’s
system. That is, the IT equipment at both the vendor’s and client’s data
centres need to be parallelly operated for a fixed period to verify that the
transition process of the IT equipment has been successful.

5.6.2 Damage due to failure to migrate

Problems may arise in the transition or migration of the IT equipment from
the customer’s data facility to the vendor’s remote computing facility,
which may lead to the customer losing business as well as suffer
reputational damage on account of failure to meet contractual
commitments to its own clientele. The IT outsourcing agreement should
provide remedies in such cases, in the form of liquidated damages.

5.6.3 Ownership of intellectual property rights

Disputes may arise regarding copyright ownership of data, software
programs, manuals and other written documents developed during the
course of the outsourcing agreement by the outsourcing vendor for the
outsourcing client. It is essential that the client retain ownership of its IT
assets, so it can re-claim/regain control and management of the same in the
event of termination of the outsourcing agreement, without crippling the
day to day IT operations. Further, provisions should be made enabling the
client to access the source code of programs developed by the vendor in
the course of servicing the outsourcing customer, so the client has right to
modify such programs in future or in case of breakdown of the outsourcing
relationship. Thus, it is prudent that the outsourcing client own rights to

12

any intellectual property developed by the vendor pursuant to the IT
outsourcing relationship, and specify the same in the agreement, to protect
its business interests, and ensure a strong bargaining position in
negotiation of future contracts.

5.6.4 Conformity to performance standards

It is essential that the outsourcing vendor adhere to the ongoing
performance standards of the outsourcing client, so that the client’s
ongoing internal business requirements are fulfilled, as well as the client is
able to serve its own customers according to a pre-defined standard of
work. Thus, it is of utmost importance that the IT outsourcing agreement
pre-define the service level standards, to prevent disputes at a later stage.
However, it is highly likely that even at the stage of defining performance
standards, frictions may occur between the parties to the contract. This is
because the outsourcing vendor may be accustomed to a certain definition
of performance measurements or a certain model of service level standards
and its corresponding pricing model, which may substantially differ from
the standards prescribed by the client.

5.6.5 Pricing model

An IT outsourcing relationship must clearly establish its pricing model in
the contract, depending on the particular type of technology outsourcing
agreement. For instance, prices charged by the vendor in a facilities
management model, is calculable by computing direct and indirect costs
incurred in operations management of the outsourcing customer’s data
processing facilities located on-site (that is, at the business premises of the

13

outsourcing customer). However, in a remote computing model of IT
outsourcing, where the vendor uses IT equipment of a much larger
configuration of which only a portion is dedicated to the customer’s
services at a given time, it is highly unlikely that the same pricing model
as used in the facilities management model, will work, and will, therefore,
need a new pricing model such as a rate card structure. Thus, it can be
understood that a “one-size-fits-all” approach to pricing models is
inappropriate/inadequate and different pricing models need to be applied
to different types of technology outsourcing agreements.

5.6.6 Post-termination obligations

The IT outsourcing agreement must expressly provide that the vendor is
obligated to render assistance in transitioning the data processing
operations to a new outsourcing vendor, in the event of termination of the
outsourcing agreement, at no additional costs, and for a defined period
after termination of the agreement. The agreement must clearly define
such post-termination obligations. Further, if a situation arises that the
client has become reliant on a certain proprietary software, operating
system or an application software used by the vendor in servicing the
client, the vendor must make suitable provisions to license such software
to the new vendor or assist the new vendor in any other manner so as to
‘wean off’ the client from such dependence.

14