Outsourcing is a concept of hiring external support to perform internal activities for the entity. It is one of the most prevalent operational processes across different business domains. From top private banks, insurance companies, large corporate conglomerates to early-stage startups use outside resources to perform certain activities. However, this activity was often and mostly associated with IT companies in the last decade. Entities may avail the products and services of IT companies to serve their internal technology-backed operations or even avail the services of the outsourcing company’s workforce, for example for IT consulting, programming and more.
While hiring such external support, the most significant aspect is about structuring the relationship between the service recipient and the service provider. These relationships are primarily guided by the Outsourcing Service Agreements. Such an agreement captures the nature of the services involved, the pricing for the services, the timeline and delivery of services and regulating terms and conditions for the provision of such services.
This post will give you an overview of some essential clauses of IT Outsourcing Service Agreements, apart from the standard and mandatorily recommended clauses of Intellectual Property Protection, Confidentiality, Indemnities, Liabilities, Jurisdiction.
1. Definitions: It is always important to define the term “Services” or “Outsourced services” usually in a separate definition clause. This allows the parties to clearly identify the scope and limitations of the services provided by the service provider. In a standard service agreement, it is advisable to attach the list of services in a separate annexure. This allows the parties to make changes to only the attachments if the scope of services is modified at a future date. Below is the suggestive language for this clause-
“Services means any of the obligations of the Service Provider under or in connection with this Agreement as set out in [Annexure 1] and where the context permits, obligations and activities in connection with such services.”
2. Appointment: It is important to lay down the clause appointing the service provider to provide the agreed services to the customer. This identifies the intention of the customer to appoint the service provider and the acceptance of such appointment by the service provider. Such an appointment may be exclusive (meaning the service provider will provide the agreed services to the customer alone and not to any other party) or non-exclusive. Below is the suggestive language for this clause-
“The Customer hereby appoints the Service Provider, and the Service Provider hereby accepts such appointment, as the [non-exclusive/exclusive] provider of the Services to the Customer.”
3. Service Standards: For a customer, the most important aspect while availing services from a third party is to ensure that the service quality and standard are on par with the expectations of the customer. While entering into the agreement, it may be difficult to ascertain the service quality for some parts of the services and therefore the terms like “best industry standards and practices”, “professional and workmanlike manner” may be used. The customer may also lay down the policies and procedures for the service provider and the same may also be taken as a threshold for the performance of the service. Typically, for software or application-based services, the expectations are designed in the manner of service level agreements (popularly known as SLAs). The SLAs lays down the uptime expectations, categories of severities, query/severity response and resolution time, escalation matrix and more.
4. Service Provider’s Personnel: If services are to be performed by the personnel of the service provider, either wholly or partly, it is important to lay down the obligations of such personnel while performing the services. Some services may also require the personnel to be present in the premises of the customer and therefore the personnel may be required to follow procedures and protocols while performing activities in the premises. From the perspective of personnel’s wages under Indian labour legislations, it is important to clarify that the service provider is responsible for the payment of wages of such personnel. Below is the suggestive language for this clause-
“The Service Provider shall ensure that the Services are provided by persons who are suitably experienced, trained and qualified for, and competent to perform the Services. Service Providers’ personnel shall at all times remain under the employment of the Service Provider and would work under the sole and direct supervision/control of the Service Provider. The Service Provider shall be responsible for the supervision and control, emoluments, compensations and all claims of its personnel. The Service Provider shall ensure that any of its personnel, entering into Customer’s premises and/or having access Customer’s systems, data or information shall act lawfully and comply with the procedures laid down by the Customer and have been subject to confidentiality obligations or any such agreement by the Service Provider. The Service Provider shall be responsible for the actions or omissions of its personnel.”
5. Security and Data Protection: Security issues and data protection are the major concerns when it comes to outsourcing IT activities. A customer may not close the deal if the service provider does not maintain appropriate safety and security protocols and gives an assurance that the customer’s data will be handled lawfully in a safe and secure environment. Certain IT security measures and standards are also prescribed by the government regulators and therefore are mandatorily to be captured in the concerned agreement.
“The Service Provider shall ensure that it implements, follows and maintains appropriate security controls and procedures, consistent with required IT security standards under the applicable laws or as may be required by the Customer. Without prejudice to the generality of the foregoing, the Service Provider shall ensure that the Customer’s data is handled, processed and stored at all times, in such manner as is consistent with required IT security standards under the applicable laws or as may be required by the Customer. The Service Provider shall protect Customer’s data from unauthorised use, access and interference while such data is in the Service Provider’s possession and when it is in transit across a network (whether public or private).”
6. Compliance with Law: While availing services from an external entity, it is important to ensure that the service provider complies with all the laws applicable to itself as well as to the customer’s entity. Some regulated entities such as banks, NBFCs, insurance companies may have additional regulatory requirements prescribed by the government regulators such as RBI outsourcing guidelines, IRDAI outsourcing guidelines and more. In such cases, it is significant to obligate the service provider to comply with such additional legal requirements as well. Below is the suggestive language for this clause-
“The Service Provider shall, in performing its obligations under this Agreement, comply with all applicable laws and perform the Services in a way which enables the Customer to comply with applicable laws. Notwithstanding the generality of the foregoing, the Supplier shall implement, maintain and observe all such procedures and protocols as may be appropriate in accordance with the [RBI/IRDAI/XYZ] rules and regulations applicable to this Agreement.”
7. Continuity of Business: When a customer outsources certain activities, it relies on the service provider to continue to remain in business and provide the services to the customer. If the service provider temporarily or even permanently stops the operations for any reason without sufficient time and notice to the customer, the customer’s business and revenue may suffer. This is why the clauses around continuity of services and transition of services is recommended in any IT outsourcing agreement. Below is the suggestive language for this clause-
“The Service Provider shall have and maintain up-to-date business continuity procedures or disaster recovery plans to ensure that in the event of a failure or disruption to the Service Provider’s infrastructure or otherwise, for any reason, the Service Provider is able to continue to provide the Services and otherwise perform its obligations under this Agreement to normal performance levels.”
“Notwithstanding the termination or the expiration of this Agreement, the Customer in its sole discretion may request the Service Provider to assist the Customer, at mutually agreed costs and terms, in an orderly transition of the Services to a new service provider or the Customer.”
Disclaimer: This article is for informational purposes only and shall not be construed as a substitute for legal advice.