Embed Size (px)
Citation preview
Johan Vandendriessche Lawyer at the Bar of Brussels www.crosslaw.be [email protected] v 1.1 – 5 June 2013
Checklist – IT Outsourcing / BPO
This checklist highlights issues that need to be taken into account when drafting and negotiating an IT outsourcing agreement or a BPO agreement. Given the potentially large scope of issues, this checklist remain limited to the issues that are common to most outsourcing agreement. General Definitions
o Specific definitions o Reference to external glossaries (e.g. ITIL)
Interpretation rules Hierarchy of the contract documents
o Standard rule o Exceptions?
Form of the agreement in case of multi-jurisdictional outsourcing agreements Scope of the Agreement
Description of the scope of the agreement Description of the methodology of the services and the evolution of the services
o Continuous improvement o ‘Technology refresh’ o Evolution of the services in view of new laws and regulations o Knowledge sharing o Reporting
Roles & Responsibilities (RACI) Qualification of the obligations?
o Effort Obligations (“Middelenverbintenissen”) o Result obligations (“Resultaatsverbintenissen”)
Suspension of the services o Under which conditions?
Proportionality? Formalities?
With or without prior notice? Grace period prior to suspension?
Excluded?
2
Service Level Agreement o Service levels during transition? o Service levels after transition o How are the service levels modified? o Service credits and liability in case of failure to meet SLAs?
Cooperation with third parties service providers / suppliers Sites Change Control Procedure Transition Transition is a critical part of IT Outsourcing. Transition is usually described as a project prior to service delivery, with a project/transition plan (milestones and acceptance). The operational and legal responsibility is usually gradually transferred to the service provider. Pay particular attention to the transfer of: Assets (including restrictions of contracts and intellectual property rights) Employees (CAO32bis) Obligations
Client
o Duty to cooperate? Scope and extent of the obligation Restrictions of the information duty of the service provider?
o Provision of infrastructure / assets / resources o Requirements in relation to personnel? o Contract manager / project manager? o Supervision duty?
Service Provider o For projects: ‘time is of the essence’? o Availability and replacement of key personnel o Compliance with security and access policies
Prior communication Form? Provisions for negative impact on service provider?
o Quality control General obligation / specific obligations Certification duty? E.g.. ISO 9000 or 27000 series ?
o Evaluation procedures Contract Governance Contract Governance is an essential element throughout the life of the outsourcing agreement. Pay particular attention to the development of a good contract governance model.
3
Price and Payment
Price mechanisms Taxes Invoicing modalities Payment modalities Payment schedules / terms Penalties in case of late payment
o Interest o Indemnity o Suspension of the agreement (‘exception non adimpleti contractus’) o Formalities?
Price evolution (increase and decrease) o Unilateral modification by the service provider with termination option? o Price review mechanism (“indexation”)? o Benchmarking o Most favoured customer?
Duration and Termination
Duration of the agreement
o Effective Date and Commencement Date of the Services (generally phased as part of the transition project)
o Duration? o Undetermined duration (unusual, unless after an initial period)
Termination of the agreement o Termination for convenience
By the client With or without compensation? Which notice period?
By the service provider With or without compensation? Which notice period?
Prolongation option after termination?(continuity measure) o Termination for cause
By the client? Which causes? Which conditions? Which formalities?
By the service provider Which causes? Which conditions? Which formalities?
Conditions precedent and conditions subsequent?
4
Consequence of termination? o Exclusion of specific clauses (e.g. confidentiality) o Retransition!
Assets (including contracts and intellectual property rights) Personnel Retransition ‘in-house’ or to a new service provider?
Confidential Information, Data and Personal Data
Confidentiality and purpose limitation Client ownership? Security BCP & DRP Processing of personal data
o Choice of the service provider o Security obligation o Transborder data flows
Compliance requirements? ‘Step-in’-rights Nature of the breach Grace period? Formalities Cooperation duty between service providers Costs? Phasing out of the ‘step-in’ (how and when?) Liability and Insurance
Limitation of liability
o Of the service provider? o Of the client? o Both parties?
Which limitations? o Nature of the breach o Amount of damages o Nature of the damages
Exclusion of ‘indirect and consequential damages’ o Definition? o List? o List of direct damages?
Carve-out of limitations (unlimited liability for specific cases)? o Violation of confidentiality obligations o Violation of third party intellectual property rights? o Violation of data protection rules? o Other cases?
Period after which claims are barred? Hold harmless obligations?
5
Insurance duty? o Fixed amount or reasonable amount? o Obligation to provide insurance certificate? o Notification in case of termination or modification of insurance policy?
Unforeseen Circumstances
Force Majeure o Definition of reference to legislation/case law? o Scope of force majeure? o Information duty? o Termination of the agreement
When? By whom?
o Obligation to mitigate consequences Hardship clause? Intellectual Property Regime in relation to pre-existing materials Transfer or licence to new materials, if relevant? Know-how? Warranty in relation to intellectual property infringements Warranties
Service provider o Fitness for purpose
Document client specifications? Legal and/or technical specifications and/or standards?
o Compliance with tax and social law obligations (LIMOSA, …) o Compliance with applicable law and regulations o Ownership or licence of tools / equipment used for the provision of the
services o Absence of harmful code (virus, Trojan horse, time-bomb …) o Explicit limitations or exclusions?
Client o Warranty in relation to data protection o Warranty in relation to the absence of harmful code o Warranty in relation to transfer of employees (CAO32bis)
Remedies? o Repair
Absolute duty? Relative duty (‘substantially conforming to’)
o Reimbursement o Termination of the agreement o ‘sole remedy’ or other remedies?
6
Notices Form Language Address Evidence rules? Audit Scope Modalities Cost Consequences Access to internal audit reports or certification audit reports (e.g. regular ISO 27000
audits / SAS70) ‘Boilerplate’ Clauses Comparable to standard agreements.
