Managed services – the new IT outsourcing
We examine the possibilities and challenges that come with managed services contracting.
Managed services is a very popular way of contracting for the provision of external information communication technology (ICT) services. It can offer an extremely flexible service provision model and can be moulded to fit individual entities’ ICT resources, skills and objectives.
Managed services is a broad concept and may cover anything from:
- Full management of a customer’s internal ICT infrastructure (including provision of desktops, operating software and management of applications).
- Management of only components of a customer’s ICT business operations (such as service desk functions).
Historical outsourcing arrangements
In many ways, managed services is a further development of previous ICT outsourcing arrangements, but managed services contracts contain some important differences to previous arrangements. Those arrangements usually involved contracting out all infrastructure, desktop, asset and change management and user support requirements, and followed a fairly standard pattern.
In those arrangements, the scope of outsourced services was broad, and requirements would be described by lengthy lists of tasks and were measured by technical service levels. Tasks were sometimes divided into groupings, such as towers (e.g. for end user computing, devices service, printing service, telecommunications service etc) and service levels were based on the performance of the ICT equipment and the service desk. More recently, some customers also measured performance by qualitative outcomes, such as an assessment of strategic relationship objectives.
Generally speaking, these contracts were fairly complex and administratively burdensome for customers. While an outcomes focus more recently introduced to some contracts has sought to align them more closely to what matters most to customers, this approach has not always worked. This is because of disagreement about the meaning of qualitative measures, and a lack of the internal skills and fortitude required to apply a performance management framework that is harder to operate than black and white technical service measures.
Problems with these sorts of contracts have included:
- unclear scope descriptions, leading to disputes about the division of responsibility between the customer, the provider and other third-party providers;
- service levels that don’t really measure what is important to the customer;
- insufficient focus on strategic issues such as the benefits of new technology; and
- options for efficiency improvements.
Other problems include failures to deal with interdependencies with other providers or stakeholders. In addition, providers who were awarded major IT outsourcing contracts often simply misunderstood the complexity of the customer’s infrastructure and business requirements.
Despite decades of analysis of these contracts and substantial experience in managing them, no one has invented a fail-safe solution for these issues.
Ideas to improve managed services contracts
Using the banner of ‘managed services’, there are opportunities to focus in a more contemporary way on how to do better in ICT services contracts. These opportunities are about analysing the problem areas of the past and using new, more focused solutions for them.
Here are some suggestions:
It is less common nowadays for customers to allocate responsibility for most of their ICT business requirements to one provider. Most large organisations manage their ICT requirements by a combination of internal skills supplemented by a range of best of breed providers, each selected for their expertise in a particular area. Tips for this approach include:
- Make sure the division of responsibility is clear. To avoid grey area risks, include in your contracts details of interdependencies that identify what each provider requires of others, and who is responsible for ensuring that happens.
- Try to keep the duration of contracts between providers as consistent as possible, or at least include pre-agreed, minimum cost termination rights that allow you to terminate and transition out in an orderly fashion across all related contracts.
- If one provider has responsibility for managing other contracts, make sure those management tasks and expected outcomes are clearly specified rather than leaving them to generic, non-specific obligations - failure to properly describe what is required is likely to result in the customer being left to deal with any issues that the managing provider cannot easily solve.
- Consider using a deed of collaboration that all related providers sign. The deed should include specific interaction, governance and issue escalation provisions, with consequences for non-compliance. The consequences might include financial consequences (e.g. increases to existing contracted service credits) or non-financial consequences (e.g. triggers for reducing scope and transferring it to another provider).
Many contract problems derive from personnel skill failures. While most contracts contain basic specified personnel protections, it is no less important for ICT contracts to include mechanisms designed to ensure that providers provide continuity of appropriately skilled personnel. Consider including stronger personnel protections such as:
- Specifying the skill levels required for key tasks and including a right to require removal of personnel who do not meet this level (an uplift on standard specified personnel protections).
- A service level based on turnover of capability (not of specific people) that is designed to motivate the provider to maintain the ‘A team’ on the job.
- Rights to direct the provider to replace unsatisfactory personnel at no additional costs.
Many ICT contracts are still based on statements of requirements that start from the bottom up – a detailed description of specific required tasks. Consider starting your preparation with consideration of the most important things to you.
Usually, the most important issues are the quality of the process and avoidance of ‘severity 1’ problems and security breaches. Rather than a complex performance management framework that mostly measures the performance of tasks, consider a simpler framework designed to provide clear measures for these important outcomes. Then work back to describe the required scope of services, including minimum tasks you want performed to meet these service levels. It may be appropriate to include an initial phase covering business model innovation where the provider brings into your organisation improved processes such as e.g. for service requests and management procedures. In these areas, there has been substantial best practice improvement in recent times.
The payment regime is the most powerful incentive to good performance. Here are some tips:
- Don’t make service credits discretionary. Customer, entity and agency personnel find it very hard to take a tough line and apply service credits if they were discretionary, especially if the provider has an effective ‘dog ate my homework’ approach to explanations of failures.
- Don’t make any payments until you have properly checked performance and the accuracy of invoices. Ensure non-operational obligations were met and up to date, as well as checking on service level compliance e.g. make sure the change management obligations, asset database and IP register are up to date and that reporting requirements have been met.
- Check performance against any strategic obligations e.g. to keep you informed of emerging technology and its relevance to your business, obligations to achieve specified efficiency or cost reduction improvement.
- Understand the charging terms and how it related to your outcomes. A supplier tendering at a low price might have misunderstood the scope or cut out resources for required management governance.
If you are including any developmental or transformation phases in your contract, consider the following tips:
- If using the agile methodology, include provisions in the contract to ensure the methodology does not result in un-scoped and un-priced time and materials development.
- If you are including an ongoing release or update process, ensure that it is designed to maintain provider responsibility for defects without allowing defect risks to be transferred to the customer (including the customer paying support service fee to fix defect under warranty).
Software licence/cloud services compliance
A multi-provider environment can add complexity to software and cloud compliance obligations, with the metrics, licence and usage restrictions applicable to software and cloud products in use in a customer environment. It is important to ensure that:
- You take a holistic approach to compliance management to cover all licences and cloud services in use in the organisation.
- Your contracts identify any additional items that your users need to use and include appropriate rights.
- You make sure providers can use products you have contracted.
You should consider the following risks:
- non-compliance risks relevant to your specific use of software and cloud services
- the need for access by your personnel and other third parties (e.g. contractors) as well as provider personnel
- the risk of indirect use by automated system connections
- requirements for use for services provided to other organisations.
These risks can all be managed and mitigated by focused contract provisions that extend beyond standard simplistic approaches, based on concepts such as Existing Material, New Material and the like.
Think about what you would most like to be able to do if a problem arises. It is rare that you will consider standard contract remedies like termination as the first port of call. Other remedies you may wish to consider include:
- No cost re-work obligations.
- Additional governance obligations.
- Obligations to provide higher skilled personnel at no additional cost.
- Discounts on the next phase of the contract if the earlier phase took longer (in addition to or as well as liquidated damages for delays).
Nothing is stable in the world of IT and customer organisations are rarely static. You can always agree to amend a contract, but it’s much easier and usually more cost-effective to analyse foreseeable changes up front and build in mechanisms for dealing with them. Consider the following options:
- Pre-agreed pricing for changes in volumes of variables relevant to the contract e.g. users, devices, and sites.
- Processes with inbuilt triggers for foreseeable events e.g. usage increases beyond a certain level that trigger additional reporting and analysis, annual reviews with inbuilt mechanisms for price changes if certain pre-agreed variables change.
Managed services contracts don’t have to be limited to services, service levels and standard remedies. Use your creative juices to create a contractual framework that proactively anticipates what may go wrong, and which provides inbuilt flexibility and other mechanisms for dealing with issues as they arise.
Before and after the proposed changes to the Franchising Code of Conduct
On 10 November 2020, the Commonwealth Government released for public comment, the draft regulations it proposes will...
ACCC’s 2021 enforcement priorities – what you need to know
ACCC’s enforcement priorities for 2021
2018 In Review: Australian Competition & Consumer Commission
By Shaun Temby
In Review take a look at the ACCC’s leading cases and activities in 2017
Commonwealth security snapshot – NSW Cyber Security Standards Harmonisation Taskforce recommendations report
Partner Gavan Mackenzie and senior associate Nick Topfer provide updates on issues related to Commonwealth procurement...