Orchestrating a software outsourcing deal - a legal guide

The legal issues associated with outsourcing must be managed carefully

Many organisations outsource software development as a matter of course. Such outsourcing makes real sense when supported by coherent business drivers ­ – those that allow organisations to focus on their core business while giving them access to specialised skills and extra resources, as well as opportunities to reduce costs.

But while this is a common practice, it is not always handled well.

What legal issues should I consider before deciding to outsource software development?

There are a number of legal considerations that need to be evaluated before the decision to outsource software development is made. Although these considerations will be driven by specific context and circumstances, some common themes are likely to include:

Intellectual Property ­ – Questions will arise as to who should own the intellectual property (IP) rights in the developments and what controls should be imposed on a supplier relating to use and subsequent re-use of code. Mechanisms for protecting the IP may also be needed.

This can be a complex and challenging area, and may be shaped by the business drivers. For example, concessions around ownership in return for cost-effective access to other technology and developments leveraged by the supplier.

Other IP-related issues include the scope of any use of existing IP or software by the supplier. This is often necessary for the supplier to undertake work on legacy systems.

In other cases, restrictions on the use of open-source software may be necessary. Certainly, businesses should examine whether open-source licence terms will impact on the future use of the overall development efforts.

Liability – What extent will the outsourcing expose the business to increased liabilities? For any relationship to be successful, there has to be a fair balance between risk and reward. The corollary is some sacrifice in control and visibility, and therefore the ability to manage risk.

Risk assessment needs to be undertaken, with specific reference to the customer’s industry and any relevant regulations. For example, research has shown that there is a correlation between hacking incidents and the outsourcing of software development ­ – a particular risk for organisations that increasingly rely on bespoke applications to maintain their competitive edge. This is particularly relevant for businesses in high target-risk industries such as financial services.

Other liability considerations may revolve around insurance adequacy, exposure to IP infringement claims, data protection/privacy liability where the supplier has access to personal or sensitive information, security and integrity of the business’s IT infrastructure being accessed by the supplier.

In common with other forms of outsourcing, employment law issues may also introduce elements of liability, for example, where the supplier undertakes a service previously provided in-house.

Where the outsourcing is to be offshored, then additional liability considerations can apply, such as the relevance of export controls, personal data sharing regulation and tax impact ­ – all of which can vary from country to country.

Process ­ – Here the challenge is to obtain a clear understanding of what services are to be undertaken by the supplier and whether these can be captured within a legally binding agreement, coupled with a mechanism to address changes. Where the development is via prototyping rather than traditional development, a route map of how to get to the desired development outcome is recommended. Businesses should also consider introducing incentives that are aligned with key milestones.

How do you get the most value out of agreements with suppliers?

Getting value from the supplier can be a fairly subjective matter. Much will depend on the initial business drivers for the outsourcing. For example, if the objective is to reduce costs, consideration could be given to introducing incentives and pain-share/gain-share mechanisms. That needs to be placed in the context of historic spends or agreed budgets, commoditisation and associated pricing of certain activities. The parties should also aim to agree on expectations of cost reductions in support and maintainability of applications.

On the other hand, if the objective is to access technological innovation, then an appropriate value may be assessed based on the supplier’s current and future development library.

Where value is measured by speed of development, then incentives relating to timely delivery, such as service credits, liquidated damages and bonus payments, may be relevant.

Where the purpose of the development work is generating business savings through the deployment of new software, then, provided that there is sufficient linkage between what the supplier provides and the business savings, a payment profile rewarding achievement of such goals may be appropriate.

However, care must be exercised to ensure that the right balance of risk and reward is struck to encourage the right behaviour from suppliers ­ – hair trigger and highly onerous terms encourage defensive and inflexible behaviour.

How difficult is it to get out of a contract if the supplier doesn’t deliver?

Getting out of a contract if a supplier does not deliver is frequently beset by practical difficulties. Any well-crafted contract should address rights of termination and the circumstances in which these are exercisable. These rights can be triggered by specific defaults in respect of key areas, such as failure to deliver to required timescales or meeting specified service metrics, or more generically for material breaches of the agreement.

Termination should always be supported by a binding process of exit and handover that preserves in-flight projects capable of transfer in-house or to another supplier, the transfer of essential know-how, IP, materials and other as sets that are either on loan to the supplier or are owned by the supplier but are essential to complete work in progress.

A contract can address many of these areas by insisting on the implementation of a continuous programme of knowledge transfer or shadowing during the normal course of the contract.