Improving Professional Service IT Agreements
A few years ago, we renovated our kitchen. Our old kitchen was fine, but it was getting a bit tired and we were ready for more counter space, better lighting, and an improved layout overall.
As we soon discovered, getting the work done required a myriad of contractors: carpenters, plumbers, electricians… even a “radiant heat boiler” specialist. As you’d expect, each had their own role and area of expertise — with different expectations and concerns regarding deliverables and responsibilities.
Each contractor’s role carries unique risks. For example, a plumber’s faulty work could lead to extensive mold down the road, whereas an electrician’s faulty work could lead to a destructive fire.
Well, IT projects work the same way. Just as my kitchen renovation demanded different skills for different aspects, you, too, will likely have to choose which type (or types) of IT services you’ll need to complete your specific IT project. Each type carries unique risks and concerns.
Whereas flood, fire, and structural integrity are concerns in the context of a kitchen renovation, IT project concerns could involve acceptance of deliverables, ownership of IP, payments for overages, etc.
So, once you decide which type of IT vendor you’ll engage, you’ll need to ascertain the potential risks and make sure the governing terms properly protect your interests. The terms and conditions should be tailored to address the specific needs, goals, and risks associated with your IT project.
Different Buckets, Different Terms
The IT-related services that I encounter in my work generally fall into four different buckets. These buckets, however, aren’t always described in the same way, and they are frequently confused with one another. Therefore, you’ll need to examine the specific service being provided (or purchased) rather than the label provided by the vendor (or customer). Once you determine which buckets apply, the applicable governing conditions need to be put in place.
At a high level, here is how I view and differentiate the various buckets:
- Implementation or Onboarding Services — short, routine engagements where a SaaS provider provisions an account and helps its customer get up and running on its service. Although configuration efforts are geared to the customer’s needs, the engagement does not involve unique or custom services or code delivery.
- Consulting Services — certain tasks are outsourced with defined deliverables, such as code development. The service provider is generally expected to offer a deliverable that meets agreed specs and to complete the service without oversight or ongoing input. The vendor and the customer benefit from the vendor’s ability to draw upon prior engagements.
- Managed Services — the service provider manages all or a portion of a company’s IT infrastructure, often taking end-to-end responsibility for the company’s IT system. Managed services often bundle a wide variety of tasks into one, making payments simple and eliminating headaches associated with organizing vendors.
- Professional Services — engagements are project-based and usually address a specific problem or challenge. Unique deliverables are identified and a tailored solution is provided, often requiring frequent back and forth between the service provider and the customer. Ownership of deliverables is a key concern for the customer.
In today’s newsletter, I will drill down into the last bucket — professional services — and look at some of the most important terms governing their delivery.
Professional Service IT Agreement Considerations
These engagements address specific challenges and involve unique deliverables that are intended to provide a competitive advantage. As a result, the customer often has unique concerns, especially regarding ownership and confidentiality. For these reasons, it’s important to pay attention to the items below.
Time and material (T&M) or deliverable-based?
If the project is deliverable-based, then detailed specifications need to be agreed upon. If the project is T&M, the parties should set milestones and expectations regarding time spent to meet each milestone (consider including a maximum time or “not to exceed” amount).
Consider how you’ll determine whether the deliverables will be accepted. On one end of the spectrum, you can agree upon a detailed set of acceptance parameters, with specific timelines for correction. On the other end, you can leave it up to the reasonable judgement of the customer.
Who owns what?
You’ll need to clearly state ownership of the deliverables and any intellectual property rights therein. In general, if the agreement is silent regarding ownership, then the vendor will have rights to use the deliverables going forward.
If the vendor is providing a truly custom solution — one that gives your company a significant competitive advantage — you’ll want to carefully consider and negotiate the ownership-related terms within the agreement.
What is the nature of the information accessed by the vendor?
Often, the parties can set up the engagement so that the vendor will not have access to or use of personal information. Of course, this is the easiest approach.
However, if the engagement requires this access or use, specific terms must be included in the master agreement. These terms can range from specific security obligations, to unique liability terms, to indemnification obligations.
Is additional insurance required?
The answer to this question varies, depending on the specifics of how and where the work gets done. Will the vendor have personnel on site? Could the vendor’s work impact expensive or large amounts of equipment? Does the vendor have access to personal information?
Overall, you’ll need to ascertain the potential risks related to the project and whether or not those risks can be alleviated through insurance carried by the vendor.
When it comes to IT-related services and their associated agreements, one size definitely does not fit all. The nature of the work involved in IT services can be exceedingly broad in both scope and characteristics.
When engaging professional services in particular, make sure you are paying close attention to the four elements highlighted above.