When a company decides to outsource the management of its information systems, it generally signs a facilities management contract with a service provider, often confused with a Managed Services Provider (MSP).
This type of contract is essential to ensure that the service provider meets the company’s needs and delivers quality services. In this article, we’ll start with a few reminders and definitions concerning outsourcing, before listing the essential points to consider when concluding an outsourcing contract.
What is outsourcing?
Definition of outsourcing
Outsourcing is the practice of entrusting a third party with the management, operation, optimization and security of all or part of an organization’s information system.
Different types of outsourcing
As we saw earlier, this outsourcing can take many forms, with a more or less extensive scope. These include outsourcing services
- for infrastructure management of IT assets
- supply and/or management of application software and packages purchased or linked by the customer (ERP, CRM, etc.).
- which includes the entire information system
This outsourcing – whether total or partial – of such a strategic resource for an organization requires a contract to be put in place.
Differences between outsourcing and managed services
While the two terms are often confused, there are a few differences between outsourcing and managed services.
Without going into too much detail (we’ll devote a full article to the subject), there is a fundamental difference in terms of objectives. In general, the main purpose of outsourcing – as the name suggests – is to manage all or part of an organization’s IS, which implies a reactive approach (problem->solution) and a delegation of management. In a different way, the managed services provider supports the IT department, in a more co-management mode, with a mission that is often more upstream and proactive in terms of IS optimization and improvement.
Finally, according to AFNOR, managed services are a category of the outsourcing family.
Main points to watch out for in outsourcing contracts
Scope: what the contract does and does not cover
The outsourcing contract must clearly define the scope of services to be provided. This includes the IT services to be managed, the level of service required and the performance levels expected. The scope of the contract must also specify the responsibilities of each party, including the service provider’s obligations in terms of maintaining and updating the IT infrastructure.
Performance: SLAs (Service Level Agreements)
The outsourcing contract must include service level agreements (SLAs) that define the expected levels of service.
In addition to simply defining service levels, the contract must also include other performance indicators, such as response times to support requests, availability of IT services and the expected uptime of the IT infrastructure.
Finally, the penalties applicable in the event of failure to achieve these service levels must also be specified, both in terms of quantum (rate/asset/ceiling) and the terms of application and/or exemption.
Costs: pricing, payment terms and scalability
Of course, the contract must clearly define the costs of outsourcing services and the terms of payment.
This includes charges for services provided, any additional costs for hardware or software, and any penalties for non-payment. Particular stipulations can be inserted to interest the service provider in savings made with the customer’s vendors and other publishers/suppliers.
Lastly, payment terms must specify the payment schedule, including payment frequency, compensation for late payment, and any compensation arrangements between SLA penalties and payments due to the service provider.
Security: measures and protection of personal data
Setting up a confidentiality agreement (NDA) is not enough to ensure the security and confidentiality of services provided by a service provider. When it comes to outsourcing, it is now essential that the outsourcing contract includes stipulations on data security and protection.
As such, it will be necessary to ensure : (i) setting up appropriate processes, (ii) the presence of documentation relating to the relevant measures and processes, and finally (iii) regular staff training and awareness-raising.
These measures, documentation and best practices in terms of protection against unauthorized access, intrusions, data breaches or loss, backup procedures, data recovery methods and, more generally, security incident management, are today must-haves for major accounts in both the private and public sectors.
Management: reporting and problem-solving
The subject of management is an essential one, yet one that is often overlooked in hosting contracts (or MSPs for Managed Services Providers).
And yet, this is an essential area for monitoring contract performance, anticipating difficulties, risks and changes, as well as managing (and possibly escalating) difficulties encountered during the course of the contract.
To sum up, to avoid having to implement liability or termination clauses, remember to devote the necessary time to contractualizing performance management issues in your contracts. In practice, this can range from reports scheduled during quarterly business reviews (QBRs), which identify actions taken, intervention times and under-utilized services.
Duration, termination and renewal
The outsourcing contract must include stipulations concerning the duration of the contract, as well as termination and renewal terms.
The circumstances and conditions under which the contract may be terminated (with or without fault on the part of the service provider), the notice period required for termination and any penalties for early termination must be specified, as well as the consequences in terms of reversibility and support for the transition to a new service provider or the re-internalisation of the function.
The contract must also specify renewal conditions, including any changes to the scope of services or payment terms.
Responsibilities
Last but not least, let’s talk responsibility! Who’s responsible for what if something goes wrong?
In general, when this clause is revisited after the contract has been concluded, it’s because the relationship between the parties has begun to strain: all the more reason to devote time to it when the contract is being set up!
We are mainly talking here about the clause that deals with the liability of both parties in the event of damage, loss or claims resulting from the work of the service provider (or one of . They also define liability limits and exclusions, as well as compensation obligations and procedures. Liability and indemnity clauses must be balanced, reasonable and in compliance with applicable laws and regulations. You need to negotiate liability and indemnity clauses with the supplier based on the nature and scope of the work, potential risks and impacts, and insurance coverage and policies.
Conclusion
For many companies, large and small, outsourcing is a must. Ensuring a lasting and effective partnership between customer and outsourcing service provider requires – at the very least – consideration of the essential points discussed in this article.
However, it is essential to bear in mind that contract conclusion is only one (albeit important) stage in the contract life cycle. Next comes project execution and management, which is just as crucial.
If you need any assistance in this area, don’t hesitate to contact Prime Conseil’s team of contract management consultants!
