Archive for the 'Outsourcing' Category

Survey highlights key issues for senior IT professionals in IT outsourcing contracts

Supply Management, the official journal of the Chartered Institute of Purchasing and Supply, yesterday published details of a report by outsourcing consultancy Alsbridge into customer satisfaction with IT outsourcing arrangements.

According to the report, just over a quarter of the 250 senior IT professionals canvassed were unhappy with at least one of their IT outsourcing contracts, with 76% considering renegotiating or retendering two or more of their IT outsourcing contracts before the end of the term.

The reasons for this are telling, if unsurprising.

Too much left to be agreed post signature
40% of respondents said that they had left too many important details in the contract to be confirmed at the point at which the deal was signed.

There is often a push to sign a contract by a certain date, come what may.

However, that can be dangerous. Once a contract has been signed, the balance of power shifts hugely in favour of the supplier, meaning that the customer will usually be in a very weak position when it comes to reaching agreement on the outstanding issues.

If things are left to be agreed, it is therefore essential that the contract sets out a clear process for agreeing those outstanding points (with appropriate remedies if agreement can’t be reached) and that key commercial issues are resolved prior to signature.

Changing requirements
54% of respondents said that their IT outsourcing contracts failed to keep up to date with changing technology needs, with 46% saying that the contract also failed to keep up with changing business needs.

These are classic problems, particularly in long term outsourcing contracts. IT quickly dates, and the requirements of the customer’s business are always changing. It’s therefore essential that the contract includes a process for ensuring continuous improvement obligations. This might include IT refresh obligations, obligations to keep up to date with industry best practice or to adopt industry standards, and an obligation to regularly propose ways in which the services can be improved or delivered at better value.

Combined with this, it’s also important to ensure that the contract contains a robust governance and change control procedure, which allows the customer to ensure that issues are managed and to introduce changes to reflect the changing needs of its business. This might also include clear processes for ramping up or ramping down service provision or the scope of the services in the event of changing business requirements.

Value for money
Another theme coming out of the survey was value for money. 49% of respondents cited diminishing returns on their IT outsourcing investments, whilst 36% highlighted problems with complacent suppliers. A further 46% of respondents said that they were under pressure to cut costs.

Benchmarking provisions can help a customer to keep track of whether its outsourcing contracts are delivering value for money. However, a benchmarking regime is only effective if it encourages the supplier to keep its service provision competitive. Key to that is ensuring that the customer has adequate remedies in the event that the benchmarking findings show that the supplier is out of step with the market. This might include mandatory price reductions or ensuring that the customer can break the contract and move to another supplier (albeit the latter is not without cost, given the expense involved in carrying out a new procurement exercise and transition to another vendor).

Long term, not short term
If these issues are properly addressed in the contract then the outsourcing arrangement is likely to be more productive and rewarding for both the customer and the supplier.

Whilst there is always a pressure to sign deals as soon as possible (particularly against artificial deadlines such as the end of a calendar year or the supplier’s quarter), this survey just goes to show that spending more time on the contract (and involving legal input at an early stage in the procurement process) can lead to a more satisfactory outsourcing relationship in the long term.

Which, ultimately, is what outsourcing is all about.

Martin Sloan

Court of Appeal overturns previous decision on obligations of good faith

Last year, the English courts ruled that an obligation could be implied into a contract that the parties would not exercise a discretion under that contract in a manner that was arbitrary, capricious or irrational.

The case related to an outsourcing contract between an NHS Trust and catering company Compass, trading as Medirest. The contract contained a service level regime, but unusually the “Service Failure Points” (SFPs) awarded for a breach of the service levels, which in turn could lead to a right to terminate, appeared to be determined at the discretion of the NHS Trust (the customer).

As the relationship broke down, the NHS Trust allocated apparently disproportionately high SFPs for individual breaches. Amongst the examples quoted by the judge was the award of over 30,000 SFPs and a deduction of £46,000 from the charges for an out of date box of tomato ketchup sachets found in a store room. By way of comparison, the fees were around £180,000 a month, and only 1,400 SFPs were required in a six month period to trigger a right to terminate.

The court held that the Trust had a discretion under the contract and therefore, in accordance with previous case law, a term should be implied not to act in a manner that is arbitrary, capricious or irrational. The court in turn held that the Trust was in breach of that obligation and that Medirest was entitled to terminate for breach.

You can read a full summary of the original judgment in this previous blogpost.

The Court of Appeal’s decision
The Trust appealed on a number of grounds. On appeal, the Court of Appeal overturned the lower court’s decision, holding amongst other things that there was no need for the implied term.

Whilst the SFPs and deductions made were clearly absurd, the Court of Appeal took the view that the Trust had misinterpreted and misapplied the SFP and deduction procedure, but that it had not acted dishonestly.

If the Trust awarded itself excessive SFPs or deductions then that would be a breach of clause 5.8 (which dealt with the application of SFPs and deductions) – no further implied term was required to make that work. Indeed, clause 5.8 stated that SFPs and deductions that were not justified were deemed to have been cancelled.

As the SFPs had expired and the Trust had refunded the excessive deductions, the breach had been cured. Medirest was not, therefore, entitled to terminate the contract for material breach.

Comment
The Court of Appeal’s judgment clarifies a number of points:

  • An implied term not to act arbitrarily, capriciously or irrationally will only be applied where the party in question has genuine discretion about how to exercise a right under a contract, and where there is a range of options. In this case, the Court of Appeal held that the discretion was simply whether or not to exercise a contractual right.
  • Jackson LJ’s view was that any attempt to exclude such an implied term where it might otherwise apply would have to be explicitly stated and agreed by the parties (it could not be excluded by a general exclusion of implied terms).

The case serves also as a general reminder to organisations to ensure that their contractual arrangements are clear and unambiguous. In this case, the contract comprised a standard NHS contract and a procedure from a PFI contract for service failures and deductions. The two did not sit well together. Had the contract been properly drafted, then it is possible that the Trust may not have acted in the way it did, and that the relationship between the parties may not have broken down quite so irreparably.

The case should also act as a warning to parties to think before terminating for material breach. In this case, it appears that Medirest was already in breach of contract, and that the Trust had also served notice to terminate. However, wrongfully claiming repudiatory breach and ceasing to perform your obligations is likely to lead to a substantial damages claim from the other party. This is particularly so where the terminating party is the supplier under an outsourcing arrangement, where the sudden cessation of the services could cause substantial damage.

Martin Sloan

Is it reasonable to dismiss an employee at the request of the customer under an outsourcing agreement?

Our Employment Law colleagues have blogged on a recent Employment Appeals Tribunal decision over the dismissal of an employee by an outsourcing services provider following a request by the customer to remove the individual.

You can read more about the EAT’s decision by following this link.

Provisions that allow the customer to demand the removal of a member of staff are often an area of disagreement when negotiating an outsourcing contract. Often, the customer will require such a right for regulatory reasons (for example to comply with the FSA’s rules on outsourcing). However, the customer will also often insist on such a right to maintain the smooth running of the services and to ensure that disruptive employees (or those suspected of wrongdoing) are removed.

Outsourcing suppliers frequently push back on this as they fear that complying with such a request could lead to an unfair or constructive dismissal claim from the employee concerned.

This decision confirms that a decision to dismiss an employee at the request of a third party can be reasonable (and therefore lawful). However, the employer must consider the degree of any injustice on the employee and what alternative steps could be taken prior, or as an alternative to, dismissal. In this case, it appears that the employer did not investigate the underlying problem before dismissing the employee.

The decision will provide customers with some reassurance that such provisions are reasonable and should not automatically cause the outsourcing services supplier to be in breach of its obligations under employment laws, whilst also providing outsourcing services suppliers with some guidance on how such requests should be handled.

Martin Sloan

Our Public Law team blog on a legal challenge to Barnet Council’s decision to outsource a wide range of services to outsourcing firm Capita. The judicial review is based on a number of grounds, including an alleged breach of the public procurement regulations and an alleged breach of the Council’s fiduciary duty to tax payers.

As local authorities increasingly look to efficiencies that can be made through shared services and outsourcing, this hearing will be closely watched by both local authorities and suppliers of outsourcing services.

Brodies PublicLawBlog

Local authorities are increasingly expected to find new and innovative ways of managing diminishing budgets and limited resources but the recent move by Barnet Council to outsource £320m worth of services has caused some to ask whether they have gone a step too far.

The Council has reportedly agreed to outsource services including the Council’s call centre, payroll, information technology and human resources to Capita over a 10 year period.  This has resulted in a backlash from some residents, one of whom (a disabled person who fears that the agreement could have an adverse impact on the support services she currently receives) has raised judicial review proceedings in the English High Court. 

The argument is that the contract is unlawful because the Council: (1) failed to comply with section 3(2) of the Local Government Act 1999 which places an obligation on local authorities to consult all stakeholders including residents…

Christine O’Neill blogs on our PublicLaw blog about the Information Tribunal’s first hearing in Scotland, following Scottish Borders Council’s appeal against its monetary penalty under the Data Protection Act issued as a result of a data breach by a contractor working on behalf of the Council.

Brodies PublicLawBlog

Interesting story carried by the BBC today suggests that (I think for the first time) the Information Tribunal (more properly the First tier Tribunal – Information Rights) is going to sit in Scotland to hear an appeal from a decision of the UK Information Commissioner. As has been widely reported, Scottish Borders Council was fined £250,000 by the ICO in relation to the discovery of pensions records in a supermarket car park.

SBC is appealing against the level of the fine and, it appears, the Tribunal has determined that it should hold an oral hearing in March in Edinburgh or in the Borders. A rare chance to see the Tribunal at work north of the border.

Christine O'Neill

Better the devil you know? Proposed reform to Service Provision Changes and the application of TUPE

The Government has recently announced that it is proposing to make a number of changes to the scope of the Transfer of Undertakings (Protection of Employment) Regulations 2006 (“TUPE”).

These proposals include the removal of references to service provision changes: outsourcing, ‘second generation’ outsourcing (i.e. the transfer of the outsourced services from one provider to another) or in-sourcing.

As it currently stands, TUPE will apply where a service provision change takes place which involves an organised grouping of individuals in Great Britain whose principal purpose is carrying out activities which are transferred to a new provider. The effect of this is, of course, that the outgoing and incoming parties in such a scenario have duties to inform and consult with the affected employees about the transfer, and the affected employees’ employment will automatically transfer to the new provider.

For many the benefit of the current system is certainty. Generally, parties involved in a service provision change will presume that TUPE will apply and are prepared to negotiate the contractual documentation on that basis – the parties know where they stand.

However, the UK Government was not under an obligation to develop TUPE law by expressly stating that TUPE would apply on a service provision change and many felt that this was a step too far – increasing costs on the parties in respect of situations which may previously have been outside the regulations’ scope. These concerns have led to the Government’s current proposals.

Should the service provision change references be removed from TUPE it must be remembered that many service provision changes will still be caught by TUPE anyway. The standard TUPE test is met where there is a transfer of an economic entity that retains its identity. However, parties will be left having to step back in time to look at older case law to assess whether TUPE applies to their situation.

What now?
The Government’s consultation closes on 11 April 2013.

Should the Government decide to take the proposals forward any changes will not be implemented until October 2013. Even if the reference to service provision changes is removed at that time there is certainly no need to panic! The Government is aware that:

  • many contracts involving service provision changes are drafted on the basis that TUPE will apply on the cessation of the services (i.e. on ‘exit’), and therefore obligations and liabilities in respect of TUPE will have been heavily negotiated and factored into the deal commercials; and
  • outsourcing projects can be very large, complicated and a significant amount of time can pass between the initial planning stage and the implementation stage where the services actually transfer.

As a result, the Government recognises that there will need to be a transitional period prior to any change in the law becoming effective.

The Government is due to publish its response to the consultation in July and there will be much more clarity on what is going to happen at that time. Many hope for the status quo to continue and say it’s never too late for the Government to change its mind, but given the numerous changes the Government are making to employment law at the moment I would be surprised if the changes didn’t go ahead. However, it’s certainly a case of watch this space…

You can take part in the consultation by following this link.

Andrew McConnell

Andrew is an associate in Brodies’ Employment, Pensions and Benefits department, and regularly advises on the application of TUPE to outsourcing and services agreements. Andrew blogs on Brodies’ EmploymentBlog.

Drafting enforceable dispute resolution clauses

Debate often surrounds the negotiation and enforceability of alternative dispute resolution (ADR) clauses that provide for mediation or conciliation prior to arbitration or the commencement of court proceedings.

The High Court’s recent decision in Wah v Grant Thornton International Limited emphasised the importance of precision in drafting to ensure alternative dispute resolution clauses can be enforced before proceeding to court should difficulties arise.

The court’s decision
Generally speaking, neither English nor Scots law recognises an agreement to agree (such as an obligation to negotiate amicably) as being enforceable. On its own, such an obligation is too imprecise to impose a contractually binding obligation. This means that ADR or dispute escalation clauses have to be carefully drafted in order to be enforceable.

In Wah, Judge Hildyard explained that the Courts have to balance giving effect to what the parties agree and ensuring that what the parties have agreed is capable of being given legal effect. In order to be enforceable the clause must sufficiently detail the process to be invoked and the parties’ obligations.

The ADR clause in Wah detailed an ADR procedure for resolution of any disagreements, which comprised an escalation procedure and arbitration.

Although lengthy, the High Court held that the pre-arbitration escalation clause was not a valid pre-condition to starting arbitration proceedings because the process was not sufficiently defined and was vague in terms of the parties’ respective obligations. In particular, it did not detail the nature of any attempts to resolve any disagreements, or what the escalation representatives were required to do.

Where an ADR clause is silent or does not specifically prohibit a party commencing proceedings (whether in court or arbitration) prior to the conclusion of certain clearly specified events (such as the completion of a multi-tiered escalation process), then either party can commence those proceedings at any point. In Wah, the ADR clause was not considered a condition precedent and therefore the arbitral tribunal had jurisdiction to hear the claim notwithstanding that the escalation process had not been completed.

Drafting tips
This case highlights the importance of negotiating clear ADR clauses when drafting contracts.

  • Any ADR clause should clearly detail the process to be followed before court or arbitration proceedings can be instigated.
  • The parties should consider how the clause will apply in practice and consider if the process detailed in the agreement is workable.
  • If the ADR clause includes expert determination, then the parties should ensure the powers given to these appointed experts are sufficient to resolve any potential issues. A failure to provide the expert with the relevant powers could result in the clause being held as unenforceable and the case progressing to the courts.

Resolving agreements to agree
It’s also important to remember that a dispute resolution procedure cannot always resolve a dispute if the underlying clause in the contract does not give sufficient guidance on what is required.

Agreements to agree are often inevitable in complex, long term commercial or outsourcing contracts. Sometimes during contract negotiations it is suggested that if during the term of the contract the parties are unable to reach agreement on an agreement to agree then the clause should state that the matter should be “resolved in accordance with the dispute resolution procedure”. Whilst this sounds great in principle, it may not work in practice. An escalation procedure may help focus and resolve areas of commercial disagreement. If, however, the process ultimately concludes with reference to an expert, arbiter or court, then it may not provide a satisfactory resolution unless the contract provides the expert, arbiter or court with a clear basis on which to make its decision.

For example, if the contract contains an agreement to agree (such as an obligation to negotiate and agree in good faith) in relation to the charges that a supplier may impose in the event that a contract is extended, then if the expectation of the customer is that the charges will not be any higher than those currently imposed, then the original clause should clearly state this and provide the expert, arbiter or court with a clear set of rules or principles upon which it is expected to make its decision.

If the contract doesn’t provide sufficient guidance on how the issue in dispute is to be resolved, then the outcome may not be the one that you are expecting – the expert, arbiter or court may consider that it is unable to resolve the dispute, leaving you in a deadlock, or (perhaps even worse) issue a decision that is not what you were expecting.

Martin Sloan

Hurricane Sandy highlights the importance of effective IT business continuity planning

We’ve blogged on several occasions about the importance of business continuity and disaster recovery plans – most notably about the impact on global supply chains following the giant ash cloud caused by the eruption of Eyjafjallajoekull in 2010.

I was surprised at the impact that Hurricane Sandy had on the Internet earlier this week, with several major websites (including the Huffington Post, Gizmodo and Gawker) being knocked offline for several hours as a result of flooding and damage on the east coast of the United States. According to reports, a data centre lost power as a result of a battery failure caused by flooding.

Using third party data centres and IaaS vendors can provide a way of mitigating some of the risks of business interruption. Cloud providers are often better placed to manage these risks as they often operate multiple data centres which should, in theory, mitigate the impact of a single event. But in this case, for whatever reason, that hasn’t happened.

For the websites affected by Hurricane Sandy, that downtime will have led to a substantial loss of advertising revenue across the globe. Assuming that the hosting company has otherwise complied with its contractual obligations, it’s unlikely that the website operators would be able to recover any costs from the hosting company as the hosting company will likely claim relief under the force majeure provisions in its contract.

Geographic separation
When assessing your business continuity arrangements (and those of your suppliers), it’s therefore important that one of the things that you review is the proximity of any back-up facility to the primary site. Events such as tropical storms, earthquakes, power failures and civil unrest can affect a large area, meaning that multiple data centres on either side of a single conurbation could easily be affected.

As one person I follow on Twitter said, what will happen to the Internet when the Big One finally hits California?

And it’s not just the data centre location that you need to think about.

I once heard a tale about an organisation that used two telecoms companies to provide physically separate telecoms links between its primary office and its data centre elsewhere in the city. All was well until roadworks took place on a bridge over a river. Whilst each company used physically separate cables between the premises (including separate points of exit and entry), it turned out that the bridge in question was a single point of failure – both companies had chosen to route their cables across the river using the same bridge – and a single jack hammer blow took out both links.

New ICO guidance on the use of cloud services

The Information Commissioner’s Office (ICO) has published new guidance on the use of cloud computing services. The guidance is intended to provide an overview of how data protection law applies to businesses that utilise cloud based solutions to handle and process data.

The guidance is essential reading for any organisation that currently utilises (or is considering utilising) cloud based solutions, and emphasises that organisations remain responsible for the security of data that they store or process in the cloud.

The guidance
The guidance covers a variety of cloud based services, including infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). It also considers the differences between private, public and hybrid deployment models, and “layered” services where, for example, a SaaS vendor is in turn utilising a third party IaaS vendor – such as using a third party SaaS service that is hosted on servers by Amazon Web Services.

Issues covered by the guidance include:

  • Identifying the data controller (or data controllers)
  • The data controller’s responsibilities – including risk assessment, due diligence and monitoring
  • Selecting a cloud provider
  • Access control and protecting your data
  • Encryption
  • Understanding how the cloud provider will process data – for example, will it use any of the data processed by it for the purposes of targeted advertising?
  • Use of cloud services located outside the UK/EEA – including the importance of understanding where the cloud provider will store and process data
  • Staff training

The guidance also provides a checklist to help organisations assess the risks of using a cloud service, covering confidentiality, integrity of the data, availability and legal/contractual issues.

Assessing the cloud provider’s security measures
As with previous ICO guidance on outsourcing, the guidance emphasises the importance of pre-contractual diligence, appropriate written contractual terms between the data controller and the cloud provider (which prevent the cloud provider from changing the terms of service without your approval), and regular monitoring and oversight of the cloud provider’s compliance with the agreed information security measures. As the ICO notes, the fact that auditing and oversight may be harder with a cloud provider does not lessen the data controller’s obligations under the Data Protection Act.

The ICO does recognise the role that independent security audits (such as an ISAE3402 or SSAE16 report) can play in verifying the adequacy of the cloud provider’s security measures. For more on the use of such audits see this previous TechBlog post.

Organisations should, however, be aware that the ICO draws a distinction between security audits conducted in accordance with recognised independent standards, and industry recognised standards and kitemark schemes, as a kitemark is unlikely to address all aspects of data protection compliance.

Increased regulatory focus
As the fine issued last month to Scottish Borders Council illustrates, the adequacy of outsourcing arrangements is an area coming under increased scrutiny from the ICO, with hefty fines being levied where data controllers have failed to exercise appropriate oversight of their data processors.

For organisations that are increasingly looking to use cloud based services, this guidance will provide a timely reminder of the important steps that should be taken to ensure that such services do not adversely impact upon the security of personal data.

You can download the guidance from the ICO website.

Techblogger article on interim contractual remedies under Scots law

My colleague Iain Rutherford and I have an article in this month’s edition of SCL Magazine, looking at some of the unique interim remedies available to parties contracting under Scots law, following a recent case at the Court of Session in Edinburgh.

The article looks at these remedies from the perspective of those involved in ICT and outsourcing contracts, and will be of particular interest to organisations that contract under Scots law, contract with a Scottish entity, or otherwise have the option of opting for Scots law jurisdiction.

For example, IT and outsourcing suppliers contracting under Scots law with Scottish organisations should be aware of the interim orders available to their customers and the tactical advantage this may give to their customers in the event of a dispute.

Similarly, organisations (whether Scottish or otherwise) that currently opt to contract under English law may wish to consider whether these remedies would provide them with more effective tools in the event of a dispute.

You can read the article by following this link.

