CHICAGO -- The process of outsourcing data center functions to a third-party provider is fraught with commercial and legal peril, especially when it comes to negotiating and executing service contracts. But there are several steps that companies wishing to outsource can take to minimize risk and liability.
Brad L. Peterson, a partner with the Chicago law firm Mayer, Brown, Rowe & Maw LLP, said the disputes that pop up in the course of an outsourcing relationship usually stem from the fact that data center functions are notoriously hard to write up in contract-ease. The reason is because those functions are always changing and tough to predict for the long term.
"It's critical that the services be properly described, but unfortunately it's also extremely difficult," Peterson told attendees of TechTarget's Data Center Decisions 2004 conference. "It's impossible to say what technologies will be out there in five years, and whether your business will be larger or smaller."
To minimize the problems associated with outsourcing, it's important to first identify the risks. While each outsourcing deal presents unique issues, the risks generally fall into four main areas:
Operational Risks: These include the financial and legal risks that arise when transitioning into an outsourcing relationship and allowing a service provider to transform services to reduce their cost. They also include the legal ramifications of exiting a contract when services are no longer needed.
Commercial Risks: Companies usually enter into outsourcing contracts to save money. This can create problems because when companies lock themselves into a service contract, they generally lock in a price. As time goes on, market levels change and the customer company could end up paying too much for the services they receive.
Business/Strategic Risks: Businesses are constantly identifying new strategic initiatives. If a third-party IT provider can't accommodate new goals, the customer company might want out of the contract.
Legal Risks: These include privacy issues, regulatory factors, outsourcing laws and legal liability. "There is a tremendous amount of industry-specific regulation around outsourcing," Peterson said.
Peterson told the crowd that the key to mitigating contract risks from the outset of an outsourcing relationship is due diligence in the pre-contracting model. He said companies need to properly assess how such an outsourcing contract can change the risk levels of their organization. This can be done by thoroughly researching possible suppliers and the services they provide, and then creating a risk model.
The risk model should take into account certain factors such as industry regulations. Interestingly, he said, companies that create such models sometimes find that it's not worth it to enter into outsourcing because the risk levels go up too high.
Companies can help to reduce some operational risk by communicating clearly with employees, especially those who may become disgruntled after losing their job to outsourcing. Make sure they're aware of the benefits and assistance available to them, Peterson said.
The keys to creating viable service contracts are flexibility and clear definitions of the services provided. Peterson said companies should include specific language that explains the base price for typical services. Also, include "safety nets," such as language that gives the customer the option to add or reduce the scope of the contract.
Exiting a binding contract can create legal and commercial troubles for both the supplier and the customer company. Customers should make sure the legal agreement specifies their rights to obtain all technical support and copies of data .
Conference attendee Phil Zakoor, vice president of infrastructure management at Innovapost Inc., a consulting firm in Ottawa, has dealt with the creation of outsourcing relationships closely, and said that proper language is the most important contributor to the ultimate success of a contract.
"I think some of the most important things are defining services and deliverables," Zakoor said. "Making sure you have due diligence is truly important."
Another conference attendee, who asked not to be identified, said he is leery of on-demand vendors that tout their "collaborative approaches" and their ability to truly partner with companies.
He said people need to understand that despite these collaborative approaches, there are no friends in outsourcing, just business partners. He said that all the vendor talk about partnership and collaboration is no substitute for a strongly worded contract.
"With collaboration, [vendors] come in with weaker terms and conditions and weaker specificity and I think you may end up with more problems in the long run," he said.