Managed Services Contract Defined
Managed services contracts involve the outsourcing of a company’s IT infrastructure, various operational departments or business processes to a service provider. Alternatively, the term "managed services contract" is also used as a catch-all phrase for a contract under which a vendor provides certain support services to a customer. The more precise term would be outsourcing services contract in this latter context.
Most commonly the first definition of managed services contract is intended. This can be defined as an agreement between a customer and service provider whereby the service provider agrees to deliver to the customer certain functions, such as information technology services, crisis management services, labor or human resources support services, accounting services, payroll services, maintenance services, technical support services, network operations control (NOC) services and other support services . Managed services are a set of responsibilities that enables the customer to shift the responsibility of managing the services from its own staff to a service provider.
Managed services contracts are drafted to govern the relationship with an outsourcer. The agreement is tailored according to the asset being outsourced and the method of outsourcing. There are different procedures and documentation used for outsourcing of human resources processes, financial processes, acquisition and retention of real estate, procurement and logistics, and information technology services. In general, the agreement should set out objectives and expectations, requirements regarding detailed implementation plans, performance plans, acceptance criteria, reporting requirements, payment schedules, remedies and procedures for termination.
Essentials Of A Managed Services Contract
While each managed services contract is unique to the parties involved, contracts generally have key elements in common. A general framework can be established to help guide the process. Fundamentally, a managed services contract will address the scope of services, performance metrics, and responsibilities of the parties.
Scope of Services
The contract should identify the service provider and the parties’s mutual expectations as to the services to be provided. Depending on the specific IT needs of the client, that may include:
• Network architecture design and management
• Infrastructure support and management
• Network monitoring
• On-site and remote support
• Security services
• IT staff lending and augmentation
• Backup, continuity and disaster recovery services
• User provisioning
• Managed print services
• Cloud services
• Email management
• Virtualization
• Server hosting
• Procurement services
• End-user training and education
• Network performance virtualization
• Network access provisioning
• Application and patch management
• Infrastructure sourcing, provisioning and support
• Disaster recovery planning
• Policy and procedure implementation
• Hardware and software asset management
• Contracts and license management
• Help desk support
Performance Metrics
What happens if expectations are not met? Managed services contracts should include performance metrics to address any "faults" in the services and strategies for addressing the same. Key performance indicators ("KPIs") may include:
• Service response and resolution times
• Availability and uptime of services
• Performance of third-party vendors or subcontractors
• Help desk responsiveness
• Critical failure response times
• License compliance
• Adherence to procedures and processes
Responsibilities
What happens if there is a breach? The contract should include a statement of responsibility so that it is clear what is expected of each party and which party is responsible when expectations are not met. This section should also address any limitations on liability. The managed services contract should also address the following topics:
• Data Ownership: Who owns the data being used by the service provider to deliver the services?
• Information Security: The measure and systems in place to protect the data residing on the service provider’s network or system.
• Termination: Under what circumstances can either party terminate the agreement? Does an expiration of the contract triggers a wind down period?
• Payment: How much will be paid for the services performed by the service provider and when will payment be made?
• Force Majeure: The parties’ obligations will be excused in the event of certain acts of God.
Duration
Managed services contracts can be for a fixed period of time or indefinite term. If a contract is for a fixed term, it must include provisions for renewal. Indefinite term contracts should include provisions for amendment and termination.
Advantages To Businesses Of Managed Services Contracts
While the nature of those services may vary, there are some basic benefits to managed services contracts that apply to most technology and outsourced services arrangements. For businesses entering these types of contracts, it is essential that they understand the basic benefits and what they mean for their organization – so they can maximize the full value of their investment.
From the perspective of a business, managed services contracts confer various positive benefits. The positive impact of these agreements can be immediately seen through cost reductions, high-quality technical expertise, increased efficiency and improved access to hardware, software and other technology resources.
Cost Savings
Whether they are looking to make technological improvements or reduce costs, managed service agreements can help. The most notable cost savings comes from sharing resources and personnel. When one business provides the technical support for multiple businesses at once, everyone benefits from the resulting economies of scale.
Access to Expert Resources
Managed services contract provide businesses with access to resources that may have previously been unavailable to them. For example, small and medium-sized companies generally do not have the resources (in terms of capital or personnel) to acquire technology that can optimize their operations – but with managed services agreements, they can.
Higher Productivity
Small businesses, in particular, are tasked with wearing multiple hats to meet multiple objectives. This can result in inefficient use of their resources, as they do not have the capital or personnel to help manage their operations. Managed services agreements can have an immediate and positive impact on their productivity.
Flexibility
With managed services agreements, businesses have flexibility to scale their services with ease. They can essentially pay for only what they need, without being forced into contract for something fails to meet their needs.
Common Issues In Managed Services Contracts
Many companies enter into managed services agreements without an understanding of the contractual risks, such as issues of scope creep and cost escalation that arise from the transition to a new delivery model. "Hidden" spend is an area of risk during contract implementation, including significant additional charges relating to start-up and migration services, and high termination charges. Furthermore, for the latter, there may be little contractual recourse to avoid liability for those charges.
Working with a trusted vendor can mitigate contract-related issues up front. By disclosing existing process and solution detail, the MS provider can create a comprehensive transition plan that accounts for hidden costs. In the absence of complete disclosure, the vendor will design on the basis of assumptions that may not exist. This can lead to contract negotiation disputes (e.g., liability limitations) and service level agreement (SLA) discrepancies (e.g., unanticipated exceptions).
In-house counsel should understand the existence of agreed-upon exceptions to a predetermined scope before implementation. Many companies believe no exceptions exist. They do, but are thought to be vague, especially if they are discussed in a different paragraph of the agreement, rather than as add-ons to an SLA.
The financial stability of a vendor can also impact contract implementation. Vendor consolidation may affect both pricing and the quality of service and support. Vendor ownership or management changes—particularly changes that result in foreign ownership—also pose risk to the implementation of certain contracts. For example, the U.S. Committee on Foreign Investment in the United States (CFIUS) may apply to national security-related cross-border transactions (i.e., domestic and foreign entities). A CFIUS investigation or orders to divest foreign investments can create hurdles, such as loss of competitive advantage, discontinuity, cost and manpower reallocation, and project delays.
How To Draft Effective Managed Services Contracts
Best practices for negotiating, drafting, and managing contracts for managed services are critical for the efficient and effective engagement of IT services. They are also essential for success in nearly all other types of agreements for professional services which may also be structured as ongoing engagements with the same service provider or a different service provider offering the same types of services.
Negotiating better contracts for managed services requires considering the scope of the services (very broadly) required and desired, the length of the engagement (e.g., for a fixed term or an open-ended relationship), and the financial terms (e.g. a flat fee or based upon actual time worked). In many cases there will be no pre-existing information available about the subject matter of the managed services (e.g., the current configuration of the entire IT network). Accordingly, managed services contracts will need several provisions that describe the basis for the professional services to be offered for the managed services.
Managed services contracts should have a clear description of the scope of the contract . For example, will the managed services agreement cover more than the IT network (e.g., will it include IP phones or some other devices)? Will the manufacturer of the IT equipment be provided by the vendor or the client? Is there a guarantee of uptime (if a certain level of uptime is required, how will that be measured)? Are there service levels and what are the consequences (penalties or credits, etc.) for failing to meet those levels? A disciplined approach to negotiating the basic terms of managed services contracts will save time and money for both parties.
Ultimately, negotiated managed services agreements will contain terms that fall into the some of the basic categories of vendor contracts. The topics that should be drafted with particular care in managed services contracts are: Vendor contracts of all types will benefit from the same basic discipline in negotiating the terms of the agreement. Managed services contracts will be more complex than most agreements for other vendor services, but the same types of vendor contract issues come into play.
Managing Risk In The Context Of Managed Services Contracts
Companies entering into managed services contracts must consider a variety of legal issues that can impact the scope and viability of the agreement both during and after the parties’ performance. Key areas for consideration include:
Compliance. Companies hiring a managed services provider are encouraged to ensure that their respective internal terms and conditions include appropriate provisions for compliance with the key industry standards applicable to their industry. For example, companies in the healthcare, manufacturing and financial services sectors will often wish to ensure that their managed services provider is contractually required to comply with certain key regulations such as: (i) HIPAA (protected health information privacy rules and administrative simplification rules); (ii) ISO 27001/ISO 27002 (information security management and general information security); (iii) NIST 800-53 (information security standards for federal agencies); (iv) PCI-DSS (payment card industry data security standard); and (vi) SOX (Sarbanes-Oxley Act of 2002). Parties should also ensure that their managed services contract includes appropriate indemnification and confidentiality carve outs to adequately protect against breaches of these regulations.
Data protection. Companies should consider whether their businesses may require additional protections regarding their data beyond those already imposed under applicable law. In fact, depending on the jurisdiction, companies may already be required to implement specific technical and organizational measures for the purge and destruction of data prior to disposal. There may also be restrictions on the movement of data to other countries that companies should be aware of. For example, many jurisdictions prohibit companies from transferring data outside the country if the foreign country does not provide the appropriate level of protection for the data. Companies should be aware of these requirements when entering into managed services contracts.
Dispute resolution. Companies should consider including a dispute resolution process within their managed services contracts, especially if the provider is located in a different jurisdiction. Some issues concerning the interpretation of contracts, such as termination rights and material breach, are better understood and interpreted under certain levels of authority. If a party enters a number of managed services contracts, these issues can be streamlined by including agreed upon dispute resolution procedures. Non-binding dispute resolution mechanisms include mediation or arbitration. Alternatively, the parties can use binding arbitration if they are comfortable with limiting their rights to a final determination by setting timelines and expectations.
Current Practice In Managed Services Contracts
The trend towards subscription-based billing in managed services arrangements continues. Many service providers also now offer the option of a "pay-per-use" pricing scheme. Cloud computing has only served to accelerate these trends. When a service is not delivered on an ongoing subscription basis, but instead only when the customer wants it, the terms under which the customer uses that service often fall within the scope of a license agreement rather than a services agreement. Accordingly, despite the fact that the arrangement can be labeled a "managed services contract," the associated license agreement is controlling.
In addition to offering tiered pricing for different service levels and bundles, service providers are adopting various creative pricing schemes, including freemium models , where a customer pays nothing for access to the service but is charged for additional services, such as storage space, security, or premium services. Subscription-based schemes allow service providers to garner up-front revenue and create a reliable revenue stream, while the freemium model increases adoption rates by reducing the barriers to entry for new customers. These options further highlight the need to ensure that services agreements clearly delineate the scope of the services being provided, their cost, and the circumstances under which the service provider can modify or terminate any of those features. To protect their investments, service providers should include early termination provisions and analogous protections to cover potential modifications for existing service plans.