The importance of IT outsourcing – as a way to reduce costs and manage risks – has been brought into sharp focus during the economic downturn.  The recession may have bottomed, but by all accounts the “climb out” will be long and slow. Here are a few pointers to consider for the negotiation and management of outsourcing agreements:

• Unstable Suppliers:  It is important to conduct due diligence on IT service suppliers, since their financial stability may have been impacted by the loss or instability of their own customers. This due diligence review process can be built into outsourcing agreements, providing an opportunity to periodically re-assess the stability of the supplier. While this does not guarantee that the supplier will remain solvent, it can provide critical lead-time to plan contingencies in case the supplier goes bankrupt.
• Termination Issues: If the supplier does go bankrupt, it is important to recognize that Canadian bankruptcy laws give the court broad latitude to intervene in bankrupt companies. This means that standard termination clauses (which permit termination in the event of bankruptcy), and security interests granted under provincial legislation such as the PPSA, can be set aside by the court (for example, see: SR Telecom & Co. v. Apex – Micro Manufacturing Corporation, 2008 BCSC 1768). Also remember that software licenses can be cancelled if the IT supplier’s assets are sold within a court-approved bankruptcy. (Related reading: Update: Changes to Canada’s Bankruptcy Laws , IP Licenses and Bankruptcy).  Source-code escrow is another possible solution.
• Business Continuity Issues:   Outsourcing mission-critical functions can involve significant risks for business continuity.  For example, outsourcing agreements often include the remote hosting of important data, in servers that may be located in another part of the country, in the US, or offshore.  An outsourcing contract should oblige the IT supplier to assist with data migration and transition in the event of termination. At a minimum, the IT supplier should deliver the data, but in the case of a bankrupt or unstable supplier, this obligation may be difficult to enforce. Consider a mandatory automatic back-up system to outside servers that can be controlled by your organization, so that critical data is secure, even if the service is interrupted.
• Industry Guidelines: In certain sectors, outsourcing guidelines must be observed. Federally regulated financial entities (FREs), should take note of the updated guidelines released this year by the Office of the Superintendent of Financial Institutions (OSFI) “Guideline B-10 on Outsourcing Business Activities, Functions and Processes“ PDF File). Section 7 (Risk Management) of these guidelines can also serve as “best-practices” for other sectors.

Calgary – 11:45 MST