IT Outsourcing

IT outsourcing may involve the transfer of staff and assets from within an organisation to an outsource provider. The provider may have formerly provided the services on a support basis.

There may be a provision of comprehensive IT services by the outsource provider back to the organisation in accordance with an agreed service level. Contracts may be for a medium to long-term duration, depending on the nature of the services.

Outsourced functions may range from research and development, procurement, training, contract management, applications development, data centre and assistance infrastructure, and telecommunications. Contract duration may run from five to ten years.

Provider’s Obligations

The negotiation of the contract terms may be complex and take a considerable length of time.

There may be a tender process in which the customer’s particular requirements is specified in detail or in outline. Tenderers may be invited to offer more detailed solutions as part of the tendering process.

The outsourced IT provider may be obliged to meet defined service levels. The service level will require detailed specification. If they are not met, there may be liquidated damages or service credits allowed.

The outsourcing contract must describe the services to be provided. They may be multifaceted service. Core and ancillary services should be defined. Considerable challenges may arise in specifications specifying the terms of the contract.

Completion and Performance

In the initial phase, there are likely to be provisions for testing and acceptance. The acceptance may involve testing that particular outputs or requirements have been delivered and function.  The requirements may be specified in terms of outputs and defined performance level etc. The means by which they are achieved, including the details of how the systems operate will not necessarily be relevant provided that the required deliverables and specifications are provided.

A communications protocol should be provided. The protocol for interaction between the IT provider, other service providers, and the customer must be specified. The expectations in terms of response time and deliverables should be specified.

Service levels will not be a feature of most contracts. The less bespoke and more standard the contract is, the less likely that service levels will be provided. In some cases, there will be no meaningful service levels that can be applied.

Because the IT industry is constantly developing and because the service provider will wish to use consistent software and systems, there is likely to be provision for incorporating new releases and improvements in services into the standards.

Customer Duties

The customer will have obligations. In the case of outsourcing, the customer will generally transfer the initial facilities, employees, plant, equipment and in some cases, employees, as the circumstances require. If there are defects in those assets that have not been previously disclosed, this will impact on the provider’s liability.

The service provider will generally have an entitlement to earn revenue and a contract should not be capable of frustration by unilateral action on the part of the customer. Access may be required to the customer’s premises to provide the services on an ongoing basis. The contract should make appropriate provision.

The customer may be required to warrant its standing and other matters.


An outsourcing arrangement requires an ongoing working relationship between the parties. It requires considerable exchange of information and cooperation. The contract should set out the consultation review and reporting mechanisms in a workable and efficient way.

There may be meetings at various levels on an ongoing basis. There may be monthly meetings at project manager level in relation to ongoing operational matters and the resolution of disagreements on performance and standards issues that may have arisen. There may be less frequent meetings at a more senior level to resolve issues that cannot be resolved at the operational level and to deal with ongoing strategic matters and higher-level issues

There should be reporting process with reports regarding performance, failures of performance and remedial action. There should be provision for recording decisions made and agreed.


Agreements will usually provide warranties in relation to the status of the provider and issues relevant to the IT outsourcing. Implied terms will arise under the Sale of Goods and Supply of Services Act. However, detailed contractual terms will normally be provided and may displace the statutorily implied terms.

There may (for example) be warranties regarding

  • the performance of obligations,
  • use of skill and experienced human resources,
  • conformity of obligations with industry practice,
  • the standing of provider,
  • availability of requisite consents and IP consents and licensing rights.

Where software is provided, there may be warranties against viruses or other adverse elements. There may be warranties against hidden controls on the part of the provider that might adversely affect, disable or lock the system without the customer’s consent.

Data Protection

Compliance with data protection laws will be an important and sometimes critical issue The Data Protection Act and GDPR requires that data processors are appointed in terms that provide for and secure the statutory standard of protection of personal data. in accordance with certain conditions and are subject to controls.

The customer will generally remain as data controller while the provider may be a data processor.Both provider and supplier must comply with their Data Protection Act obligations as a data controller and data processor.

Warranties should secure that the other does not do anything which will cause the others to breach their obligation or impose liability on the other. For example, there may be warranties regarding the legitimacy of the data gathering by the customer and in relation to the methods of data processing by the provider.

The export of personal data outside the EEA is subject to controls. Third-party countries must offer sufficient protection for the protection of the data concerned before. The contract may provide a prohibition on transfer until there is a mechanism for verifying whether it can be done in compliance with existing data protection consent. In other cases, it may be necessary to revert back to the data subjects for consent.


As with most complex contracts, provisions should be made to take account of changes in circumstances, new technology, and change in business requirements. The contract should have a process by which changes may be discussed, agreed and given effect.

A fundamental aspect of a contract is that all matters must be agreed and that no variations may be made without the agreement of both parties. Accordingly, in order to deal with the above type of developments, a mechanism should be incorporated to provide automatically for variation in minor cases with a price variation if appropriate.

In other cases, the variation in scope and price must be agreed. There may be an assessment of the associated costs and benefits. The customer should be enabled to make an informed decision as to whether it wishes to proceed with the variation change. The costs incurred by to the account of the party, who has initiated the review, in most cases the customer.


Apart from the upgrading of standards arising from technological developments, the contract may provide mechanisms for review of performance, assessment, and consequences. There may be a third-party review by external consultants to assess whether the services are conforming to the contract requirements or benchmarked against external standards. This will be economic only in the case of larger scale outsourcing and would be relatively unusual. If benchmarking is provided for, it will be relatively infrequent perhaps every two to three years.

Benchmarking requires contractual provisions. They should allow access to the provider’s systems, services, and other facilities in order to perform the relevant review. If benchmarking finds that the services are overpriced or that the standard is less than the relevant benchmark, then the contract should provide as to what happens next.

The financial pricing terms are a matter of negotiation. The provider will make an assessment regarding the period over which it will recover fixed substantial costs. It may need to assess the life of the contract and the facilities provided so that costs are recovered over an appropriate time period.


Price adjustments may be required over a prolonged term. The parties may agree to increase price and charging levels in accordance with an index such as the retail Consumer Price Index or other appropriate index published by the CSO or appropriate statistics body.

The contract will provide for invoicing and payment, value added tax, interest on late payment in the usual way. If service credits arise for failures of performance, they should be worked into the financial obligation. They may have specified or ascertained values and be available for deduction against invoices.

There may be variations in the service requirements arising from circumstances and developments. The price will be required to be adjusted in accordance with the variation. Ideally, they should be agreed at an outset but this will not generally be possible in anything other than very simple adjustments.

It may be possible to provide a mechanism or formula to deal with some changes. It might reflect the additional cost to the provider plus additional costs, a proportion of fixed overheads and a profit.


The duration of the contract may be the subject of negotiation. The provider may wish to have a term over which it may recover its fixed and long-term costs. Many outsourcing contracts provide for a five to ten-year period. Against the desire/need for the provider for the write-off its costs over a period, are the fact of the changing nature of the information technology and the changing business needs of many customers. The customer may not wish to be locked to the provider for a prolonged period in these circumstances.

Issues of duration will arise again on the renewal of the contract after the initial terms have expired. Renewals may be for a shorter period than the initial contract if fixed and longer-term costs have already been recovered. There may be an option to extend the contract on the part of the customer. Price and commercial terms are likely to require renegotiation unless the option provides for the fixing of pricing completely or to a significant extent.

Service Credits

Service credits are monetary amounts, which may be fixed or determined by a formula by which a customer will be afforded a reduction in price if there has been a failure to meet the required performance standards. The service credits should incentivise the provider to perform and achieve the requisite standards. They provide an automatic remedy for the customer and avoid recourse to dispute resolution mechanisms.

The calculation of the service credit may be complex. Negotiation may be required. It is preferable that the credits are easily determined. Provided they are not penalties, they will qualify as valid liquidated damages provisions.

Service credits are not likely to be the only remedy. The relationship of service credits to liability generally should be defined. The service credits may be inappropriate in respect of large-scale and very serious breaches and failures of performance. There may be a cap on the liability to pay service credits.

Other rights may be granted to the customer for failures in performance. There may be other financial compensation and ultimately a right to terminate for serious and fundamental failures of performance.

Breach and Consequences

The contract must provide for failures of performance, non-compliance, and the consequences. A range of contingencies must be considered. Disaster recovery and business continuity provision should be made.

The provider may seek to limit its liability through exclusion and limitation clauses. Provided that the customer is not a consumer, such clauses are permissible in contracts for the supply of services. In other contexts, they may be required to meet a fair and reasonable requirement.

Complex outsourcing contracts will almost invariably be with non-consumer entities. See the sections on the limitation and exclusion of liability clauses in relation to service contracts.

There are likely to be remedies available to the customer in the event of serious fundamental and/or prolonged breaches such as total system failure, loss of data or intellectual property challenges.


The outsourcing contract should provide termination events. If minimum service levels are not met/provided, perhaps after notification or for a prolonged period, the customer may be entitled to terminate the contract. The contract may define the number or scale of repeat minor breaches which give rise ultimately to a right of termination.

The termination right may last for a period thereafter. It may give the innocent party the effective right to renegotiate it or walk away.

Where there are multiple services, there may be a right of partial termination where it is possible to separate one type of service from another.

Where there has been a substantial transfer of assets, the termination provisions should not be readily triggered, given the degree of commitment on each side. Exit and transfer back provisions would be required.

Break options may be provided for fault or not for fault. Some break options may be exercised at a particular time regardless of fault. These will have a critical effect on the economics of the contract from the provider’s perspective.

Dispute Resolution

Dispute resolution mechanisms should be incorporated to avoid litigation. In the first instance, project managers may seek to resolve disputes. Failing doing so, the matter may escalate higher in the organisation.

Serious breaches or an accumulation of serious and material breaches may be the subject of external, independent, expert determination, arbitration or litigation. Various bodies provide resources for mediation and arbitration. Mediation may be appropriate to a range of conflicts, disputes. Expert termination may be appropriate in some instances.

Where a material and serious breach has been committed, it may be appropriate for the other party to have a right to terminate and claim for damages. For example, there is a critical breach regarding intellectual property rights, disclosure of confidential information, insolvency etc., there may be provision for termination.