Checklist IT Outsourcing (Belgian law, English version)
Johan VandendriesscheLawyer at the Bar of Brusselswww.firstname.lastname@example.org 1.1 – 5 June 2013Checklist – IT Outsourcing / BPOThis checklist highlights issues that need to be taken into account when drafting andnegotiating an IT outsourcing agreement or a BPO agreement. Given the potentially largescope of issues, this checklist remain limited to the issues that are common to mostoutsourcing agreement.General Definitionso Specific definitionso Reference to external glossaries (e.g. ITIL) Interpretation rules Hierarchy of the contract documentso Standard ruleo Exceptions? Form of the agreement in case of multi-jurisdictional outsourcing agreementsScope of the Agreement Description of the scope of the agreement Description of the methodology of the services and the evolution of the serviceso Continuous improvemento ‘Technology refresh’o Evolution of the services in view of new laws and regulationso Knowledge sharingo Reporting Roles & Responsibilities (RACI) Qualification of the obligations?o Effort Obligations (“Middelenverbintenissen”)o Result obligations (“Resultaatsverbintenissen”) Suspension of the serviceso Under which conditions? Proportionality? Formalities? With or without prior notice? Grace period prior to suspension? Excluded?
2 Service Level Agreemento Service levels during transition?o Service levels after transitiono How are the service levels modified?o Service credits and liability in case of failure to meet SLAs? Cooperation with third parties service providers / suppliers Sites Change Control ProcedureTransitionTransition is a critical part of IT Outsourcing. Transition is usually described as a projectprior to service delivery, with a project/transition plan (milestones and acceptance).The operational and legal responsibility is usually gradually transferred to the serviceprovider.Pay particular attention to the transfer of: Assets (including restrictions of contracts and intellectual property rights) Employees (CAO32bis)Obligations Cliento Duty to cooperate? Scope and extent of the obligation Restrictions of the information duty of the service provider?o Provision of infrastructure / assets / resourceso Requirements in relation to personnel?o Contract manager / project manager?o Supervision duty? Service Providero For projects: ‘time is of the essence’?o Availability and replacement of key personnelo Compliance with security and access policies Prior communication Form? Provisions for negative impact on service provider?o Quality control General obligation / specific obligations Certification duty? E.g.. ISO 9000 or 27000 series ?o Evaluation proceduresContract GovernanceContract Governance is an essential element throughout the life of the outsourcingagreement. Pay particular attention to the development of a good contract governancemodel.
3Price and Payment Price mechanisms Taxes Invoicing modalities Payment modalities Payment schedules / terms Penalties in case of late paymento Interesto Indemnityo Suspension of the agreement (‘exception non adimpleti contractus’)o Formalities? Price evolution (increase and decrease)o Unilateral modification by the service provider with termination option?o Price review mechanism (“indexation”)?o Benchmarkingo Most favoured customer?Duration and Termination Duration of the agreemento Effective Date and Commencement Date of the Services (generally phased aspart of the transition project)o Duration?o Undetermined duration (unusual, unless after an initial period) Termination of the agreemento Termination for convenience By the client With or without compensation? Which notice period? By the service provider With or without compensation? Which notice period? Prolongation option after termination?(continuity measure)o Termination for cause By the client? Which causes? Which conditions? Which formalities? By the service provider Which causes? Which conditions? Which formalities? Conditions precedent and conditions subsequent?
4 Consequence of termination?o Exclusion of specific clauses (e.g. confidentiality)o Retransition! Assets (including contracts and intellectual property rights) Personnel Retransition ‘in-house’ or to a new service provider?Confidential Information, Data and Personal Data Confidentiality and purpose limitation Client ownership? Security BCP & DRP Processing of personal datao Choice of the service providero Security obligationo Transborder data flows Compliance requirements?‘Step-in’-rights Nature of the breach Grace period? Formalities Cooperation duty between service providers Costs? Phasing out of the ‘step-in’ (how and when?)Liability and Insurance Limitation of liabilityo Of the service provider?o Of the client?o Both parties? Which limitations?o Nature of the breacho Amount of damageso Nature of the damages Exclusion of ‘indirect and consequential damages’o Definition?o List?o List of direct damages? Carve-out of limitations (unlimited liability for specific cases)?o Violation of confidentiality obligationso Violation of third party intellectual property rights?o Violation of data protection rules?o Other cases? Period after which claims are barred? Hold harmless obligations?
5 Insurance duty?o Fixed amount or reasonable amount?o Obligation to provide insurance certificate?o Notification in case of termination or modification of insurance policy?Unforeseen Circumstances Force Majeureo Definition of reference to legislation/case law?o Scope of force majeure?o Information duty?o Termination of the agreement When? By whom?o Obligation to mitigate consequences Hardship clause?Intellectual Property Regime in relation to pre-existing materials Transfer or licence to new materials, if relevant? Know-how? Warranty in relation to intellectual property infringementsWarranties Service providero Fitness for purpose Document client specifications? Legal and/or technical specifications and/or standards?o Compliance with tax and social law obligations (LIMOSA, …)o Compliance with applicable law and regulationso Ownership or licence of tools / equipment used for the provision of theserviceso Absence of harmful code (virus, Trojan horse, time-bomb …)o Explicit limitations or exclusions? Cliento Warranty in relation to data protectiono Warranty in relation to the absence of harmful codeo Warranty in relation to transfer of employees (CAO32bis) Remedies?o Repair Absolute duty? Relative duty (‘substantially conforming to’)o Reimbursemento Termination of the agreemento ‘sole remedy’ or other remedies?
6Notices Form Language Address Evidence rules?Audit Scope Modalities Cost Consequences Access to internal audit reports or certification audit reports (e.g. regular ISO 27000audits / SAS70)‘Boilerplate’ ClausesComparable to standard agreements.