Outsourcing: Writing the contract

IT outsourcing contracts are not boilerplate. If a firm routinely uses a standard contract template, it is doing a disservice to both the vendor and itself. Contract writing for outsourcing should be viewed more like a prenuptial agreement with a spouse who is attractive today but could turn ugly tomorrow. The contract needs to have teeth. It needs to outline all of the characteristics and considerations of the relationship and spell out penalties and rewards for service level adherence. It should include clear accountabilities for liabilities and govern how the relationship’s information process occurs. Metrics, measurements and evaluation criteria should be clearly stated as well as the frequency for review of the relationship. Clear exit strategies for both firms and out provisions for breach of service must be clearly stated. The Service Level Agreement (SLA) should be written in concert with the contact and allow the contract to stand and enforce action if service conditions are un-met.

Negotiating the contract’s financial terms and service level requirements should be an equal and mutually beneficial experience. The contract should be agreeable to both parties and seek to maximize the benefits and outcomes of each party in the relationship. If the contract is written correctly it balances party interests while speaking specifically to repercussions of service level non-compliance. The contract, in its best form, should have the teeth to act as a judicial document that enforces and answers managerial needs arising from the Service Level Agreement.

Service Level Agreements for IT Outsourcing

When negotiating the contract with the outsourcing vendor, it is important to set up the relationship in such a way that the outsourcer delivers what is expected but is not put at a constant disadvantage. The best way to reach this goal is to define service level agreements (SLA’s) that set up the relationship for long term success. This begins during the negotiation process, when a clear value proposition associated with the vendor engagement must be clearly established. A necessary corollary step is to quantifiably articulate as many risk factors as possible and in such a way that both parties agree on the definitions. The process then can follow a fairly standard set of steps.

The value-proposition discussion leads into a broad service definition which must include both the strategic objectives of the relationship and a clear definition of the scope of the engagement. The key performance indicators (KPI’s) are usually defined by the originating company and frequently include general objectives such as cost reduction, quality, timely delivery and responsiveness. The scope definition should include measurable definitions of the services, activities, events, tasks, timetables, and artifacts that are expected by both parties. Clearly identifying what the vendor expects from the customer as well as the more traditional delineation of expectations going the other way allows the relationship to be positioned as a partnership, but measured as a client-customer relationship. An effective tool frequently used to articulate this is a responsibilities matrix, which outlines all of the scope components and then assigns responsibility to the vendor, the contracting company, or both.

Once both parties have agreed to the KPI’s and scope, more detailed definition of the tactical objectives helps to frame the more detailed work which will follow. Commonly identified tactical objectives include: staffing coverage, security, reliability, disaster recovery, language/customer service skills, ancillary/shared services, technology currency, compliance guarantees, integration with customer legacy infrastructure, and isolation from collateral risks (other customers).

The next logical step that flows from these framing steps is to define the terms and exclusions and measurement criteria associated with the services outlined in very specific terms. In order to accomplish this, the measurements should avoid averages if at all possible. Also, measurements should be from both an inside-out and an outside-in perspective. What this means is that wherever possible, individual components of the service delivery should be measured by themselves, along with the aggregated service delivered by a group of components or the entire solution. The latter measurements are not limited to technology performance but also include business process measurements that reflect the KPI’s outlined earlier.

Once measurements are defined, a definition of a “defect” must be agreed on by both parties for each of the areas being measured. This seemingly simple step is frequently one of the most difficult and contentious phases of the SLA negotiations. A well-thought-out definition of a defect will include secondary and tertiary impacts of a performance failure at each of measurement levels. Typical areas of consideration for these extended impacts are revenue loss, failure to comply with government regulations, and cascade effects from internal dependencies, either technological or business process.

Only after objectives are defined and measurements and defects are agreed to should a company begin to negotiate actual service levels. The service level agreement should follow a couple basic guidelines in defining the service levels themselves: avoid measures of averages wherever possible, focusing instead on specific measures, and use the SMART framework (stolen from Organizational Behavior) – specific, measurable, action-oriented, result-oriented, and time-bound criteria. SLA’s absolutely should contain penalties for non-performance, up to and including contract termination, and may include rewards for exceeding expectations as well, although this approach is passionately debated in the IT community. Note, however, that contract termination should only be a penalty of last resort. Instead, there should be levels of penalties, along with defined escalation and arbitration provisions, along with a defined remedy and after-action review process. The levels should match the business impact to the severity of the penalty, which is virtually always a monetary penalty. Additionally, the SLA’s should define a series of criteria outside of specific measures (such as repeated non-performance or number of incidents in a given timeframe) that would trigger a contract exit scenario. Each objective should have a specific SLA that measures the delivery against that objective, including transition services. One helpful tool for making sure this happens is to define a worst-case scenario for each service, technology, and interface and map out the cascading failures that would result. Additionally, single points of failure should be identified for services and technologies, with the severity of penalties matching the impact of the failure.

The last step of the process once the actual service levels are agreed to is to define a management update and review process. This should include the process for engaging senior management, what frequency and in what forum the reviews occur and what type of dashboard is appropriate as the framework for discussion.

Job Outsourcing continued..."Knowledge Management"