Outsourcing is once again on the rise, due to three key factors: (1) the increased use of cloud computing to deliver more services at a lower price, (2) a marked increase in the number of midsized, high-quality service providers offering a wide range of services, and (3) a maturation of the outsourcing industry, which has created stability and reduced risk.
However, this industry growth also has resulted in a more sophisticated approach to issues by both vendors and customers, requiring careful negotiation and clear drafting. Simple formulaic provisions can no longer be used to address the complex issues that exist today. Rather, vendors and customers are each attuned to the nuances of these deals, and the difference between a successful outsourcing arrangement and one that fails often comes down to the negotiation of the agreement and the related schedules.
Below are a few key areas to keep in mind when crafting a deal:
- As the outsourcing market has matured, the variety of available pricing models has expanded greatly. Straightforward fixed-fee and "per unit" pricing structures have given way to algorithms that take a number of factors into account. Customers need to understand how those models will work in various contexts and how they will evolve during the life of the agreement. Once the pricing model is negotiated, careful drafting is required to translate that model into clear contract language.
- Service levels are a key component of any outsourcing deal. However, all too often customers view these solely as a remedy in the event of a service failure. The reality is that service levels drive how a vendor allocates its resources. A carefully negotiated service level agreement (SLA) will take into account multiple factors, such as the importance of a function to the customer's operations and the penalty level that will drive the vendor's resource allocation. In many cases, a smaller number of carefully crafted service levels will be far more effective than a scattershot approach that tries to cover every measurable event.
- Perhaps the most difficult issue to resolve in an outsourcing negotiation is the limitation of liability. This is often due to the fact that the benefit each party stands to gain from the deal does not necessarily align with the liability exposure if there is a breach. Provisions that set a single liability cap for all breach events are often rejected since they do not account for the risks inherent in different types of incidents. Using a framework with different caps for different types of breach events is often more acceptable to the parties. This approach requires careful negotiation and drafting to ensure that the caps work together and protect both parties.
- Cybersecurity is front of mind for every company today, including when negotiating an outsourcing deal. Companies are concerned not only about data breaches but also about cyberattacks on vendors that might disable services, or weak cybersecurity that might lead to the introduction of malware on the other party's system. From a contractual point of view, there are four points of negotiation: (1) the cybersecurity standards to which the party must adhere, (2) the type of breach of those standards that would trigger liability, (3) what losses a party will cover, and (4) the liability cap amount. As with other provisions of outsourcing agreements today, a single approach to this complex issue is no longer sufficient. Rather, the parties need to carefully parse this issue and create various standards and caps, taking into account the types of damages that might result and which party should bear liability.