What should your outsourcing contract contain?

Outsourcing refers to the contractual support of all or part of the management of an organization’s information system by an external service provider. An outsourcing contract between a service provider and its customer includes three types of services:

• assistance to users of the information system;
• preventive and reactive maintenance of the infrastructure which often takes the form of assistance via text chat or phone chat, but also on-site interventions periodically or occasionally;
• development of the IT environment, training in new technologies implemented and support for change.

Outsourcing therefore represents a less expensive and more flexible solution to the management of the company’s information system, but other advantages should also be noted. Outsourcing to an outsourcing service provider also means having access to a wide range of profiles for the needs of its infrastructure on an ad hoc basis, all for a reduced budget: network engineers, cybersecurity experts, technicians, project managers, etc. As the IT sector becomes more and more specialized, it is easier and more judicious to delegate these tasks to experts in order to concentrate on your core business. In a context where cyber attacks are ever more numerous, a good service provider will ensure good protection of IT equipment and a healthy and risk-free transition to telework of collaborators. For example, there are providers who may meet these criteria, such as OTO Technology which offers an IT outsourcing solution.

The clauses to be included

Here is what a good outsourcing contract must include:

• a clear pricing which mentions in particular the number of intervention requests;
• the nature of the interventions which can be remote or directly on site. The contract must mention whether days on site are planned in the event of incidents that cannot be handled remotely;
• the days and times of intervention;
• response times, which may vary depending on the impact of the incident on productivity;
• the scope of intervention. Ideally, this should include the IT infrastructure (fixed and laptop computers, servers and tablets), employee services and applications (messaging, office suites, security suites, telephony). The contract must also specify the interventions outside the contract;
• confidentiality: the service provider and his employees are required to respect the professional secrecy of the clients with whom they work;
• The service provider’s tools for the supervision of the information system, remote control, management of intervention requests …

Deliverables

It is also necessary to foresee specific deliverables within the framework of the contract, for example:

• documentation of the IT environment: network topology, workstations, servers, software licenses, directory, etc.
• intervention reports containing the details of the incident, the time and date of the request, the detail of the intervention, as well as the time and date of its closure.

Article produced in partnership with the OTO Technology teams