Outsourcing Master Services Agreement Drafting

Go to: Components of the Agreement | Deviations from Master Agreement | Parties and Purpose |
Term of the Agreement | Parties’ Responsibilities and Obligations | Compliance with Laws and Policies
| Procedures Manuals | Disaster Recovery Services | Charges, Payments, and Taxes |
Benchmarking Process | Service Level Credits | Covenants, Representations, and Warranties |
Transition | Governance and Personnel | Inspections and Audits | Technology and Intellectual
Property Rights | Confidentiality and Data | Termination | Liability, Indemnities, and Damages |
Insurance and Risk of Loss | Dispute Resolution | Force Majeure | Related Content
Reviewed on: 05/24/2019

by James E. Meadows, Culhane Meadows PLLC

This practice note discusses the drafting of outsourcing master services agreements. It describes important
components of an agreement, such as parties, services, and other terms and conditions.

In drafting an outsourcing contract, most customers and suppliers prefer the master services agreement (MSA)
approach because additional services can be added over time, with the need to address only deviations in
subsequently executed statements of work (SOWs). There are two components to an MSA: (1) the legal deal, or
the definition of the relationship between the parties, which is generally uniform across SOWs, and (2) the business
deal, defining the specific services to be procured and the terms relating to those services, which are set forth in
accompanying SOWs. An outsourcing “tower” is a discrete category of services within the overall service offering.
The services within a tower are typically separable (and terminable) from services under another tower. Different
service towers could be the subject matter of separate SOWs, but might have been aggregated to comprise the
provider’s initial service offering. For example, typical towers under an IT infrastructure outsourcing deal might
include: data center, mid-range computing, end-user computing (e.g., deck tops and laptops), application
development and maintenance, and help desk. See Outsourcing Transactions Key Issues Checklist; and Master
Services Agreement (Customer).

For more information on drafting outsourcing master services agreements, see Outsourcing Considerations and
Planning, Outsourcing Negotiation Plan Preparation, Outsourcing: Scope, Service Levels, Risk Allocation, and
Price, and Outsourcing Transactions Key Issues Checklist; and the form Master Services Agreement (Customer).

Components of the Agreement

An MSA may be comprised of SOWs, exhibits, schedules, and local enabling agreements (LEAs).

Statements of Work. SOWs set forth specific services to be provided and are incorporated into an MSA. The
benefit of a SOW is that services can be separated and/or added over time. See Outsourcing Procurement
Solicitation Process — The Statement of Work (SOW) section in Outsourcing Procurement Solicitation Process.

Exhibits. Exhibits are quasi-legal attachments that define rules and procedures, and provide other information that
will generally apply to all SOWs under the MSA. As such, they are fixed and numbered under the MSA.

Schedules. Schedules are used to help define the business deal under each individual SOW. Some of the
schedules will have equivalents in each SOW; for example, services descriptions, charges, etc. However, because
they are only required if they are necessary or appropriate, they are typically named, but not numbered, where they
are referenced in the MSA.
 Outsourcing Master Services Agreement Drafting

Local Enabling Agreements. LEAs are only used where the contract is global in scope (i.e., provision of services
in multiple jurisdictions where both the customer and supplier have operations) and where the parties’ respective
tax counsel and local counsel advise that the use of LEAs are required or desired so as to document local-to-local
relationships. They are typically limited in scope to legal terms that are actually required to be separately treated.
For example, they are not used to specify a different choice of law, which would in effect require that the entire
relationship be re-examined under a particular jurisdiction’s local laws.

Deviations from Master Agreement

The MSA should explicitly address document priority in the event of deviations or conflicts. The general rules of
contract construction in most jurisdictions provide that to the extent that there is a conflict between a later executed
document (e.g., a SOW) and an earlier one (e.g., the MSA), the later one should control, as it evinces the parties’
most recent intent. Customers often desire to override that rule out of fear that important legal provisions which are
subsequently addressed in the predominantly business oriented SOW will not receive proper review, given that the
customer does not frequently manage such large and complex contracts. By requiring that the parties specifically
cull those issues out in a separate “Deviations from the Master Agreement” schedule, the likelihood that the legal
provisions will receive the proper level of attention from the respective legal teams is enhanced.

Parties and Purpose

One of the first questions that a customer should ask is: “Who is the customer?” Although the answer would appear
to be obvious (i.e., it is the party signing the contract), it is rarely that simple. In defining who the customer is, the
following questions should be considered:
• Is the entity signing the contract part of a larger corporate family that will be beneficiaries under the contract?
• Is there a need to expressly provide for their beneficiary status under the contract?
• Even if there is not a beneficiary under the initial deal/SOW, does a related entity have the ability to enter into
SOWs in its own name?
• What rights do entities that are not wholly owned by the corporate family have?
• What rights do franchisees or other “business partners” have? They may not even be within the ownership
structure, but their interests may be aligned with respect to the subject matter of the contract.

Once the customer and supplier are identified and defined, the purposes and objectives of each party for entering
into the agreement should be stated. The customer should develop this list before even considering an outsourcing
transaction, because without clear objectives they are likely to overpay and end up not getting what they want. Or
worse, the customer might find out after the fact that they have overlooked critical issues that they were not even in
a position to consider.

Typical reasons that customers seek to enter into outsourcing deals include:
• Reducing customer costs of the functions encompassed by the services being outsourced. Saving money is
almost always a factor
• Improving the quality of the performance of such functions through the application of supplier’s expertise and
best practices. This is the supplier’s business, so improvement should be expected
• Increasing the scalability and flexibility of such functions. Infrastructure costs money, and adapting the
infrastructure to the customer’s specific needs at any given point in time costs both time and money
• Allowing the customer to focus on its core competencies.

Term of the Agreement

 Outsourcing Master Services Agreement Drafting

An effective date should be stated in the MSA to indicate that the agreement will terminate upon the latest
expiration date provided for in an effective SOW, unless earlier termination or extension is specified. The term
stated in the MSA is essentially irrelevant because an MSA typically exists primarily to provide the legal structure to
support the various SOWs thereunder. It is really the term of each SOW that matters.

Parties’ Responsibilities and Obligations

Designating each party’s respective responsibilities is critical. The inclusion of a responsibility matrix is not a
requirement, although if prepared with the appropriate level of detail, can be very helpful in establishing: (1) which
party has the primary responsibility for a task; (2) which party has secondary (or supporting) responsibility; and (3)
dependencies for each party’s responsibilities.

On the supplier side, the services to be provided should be stated in the SOWs. The supplier’s obligation to provide
services should also include responsibility for providing, administering, managing, and supporting all resources
necessary or appropriate for the supplier to provide, perform, and deliver the services. This includes personnel,
hardware, software, facilities, services and other items, however described. Unless otherwise set forth in an asset
allocation matrix, the supplier should be responsible for all costs associated with any software license or sub-
license that it holds, allowing it to use whatever software necessary to provide the services.

A key aspect of every outsourcing deal involves when, and the extent to which, the supplier should be excused from
any of its performance obligations. Typically, the provision providing for excused performance is skewed in the
customer’s favor (with appropriate protections), because providing the designated services is the supplier’s
business. As such, placing the responsibility for managing the relationship, including customer’s performance of its
responsibilities, is appropriately placed on the supplier. Furthermore, requiring the supplier to detail dependencies
in advance, whether in the responsibility matrix or otherwise, protects the customer against any surprises after the
contract is inked.

See also: Outsourcing: Scope, Service Levels, Risk Allocation, and Price.

Compliance with Laws and Policies

Compliance with laws and policies is typically one of the more contentious provisions in an outsourcing deal, as the
customer is asking the supplier to step into its shoes regarding compliance around the particular services. Passing
along the responsibility to the supplier can be straightforward; for example, a supplier of human resources
outsourcing service would be required to comply with labor and employment laws applicable to the customer.
However, in other cases compliance can be less clear; for example, if the customer is regulated and the supplier is
performing certain tasks which may fall under the regulatory umbrella.

Although the term “laws” is typically defined broadly, depending upon the customer’s business or industry, it may be
necessary to pick up any guidance, bulletins, white papers, pronouncements, reports or similar communications
issued by any governmental authority or applicable self-regulatory or industry body, whether or not such
communications have the force of law. Since it is the customer’s business, and the impact of any violation is likely
to fall to the customer, it is also important that the customer have the right to determine which communications are
applicable.

Customer policies which are applied consistently to the customer’s other applicable suppliers should be made part
of the contract as well. The supplier will expect to have the right to conduct diligence with respect to such policies,
and to negotiate certain situations where the supplier’s interests in following its own policies might override the
customer’s interest. For example, policies with respect to the conduct of the supplier’s personnel within the
supplier’s facility, where not directly related to a specific customer concern.

The evolution of such policies over time will also be important, particularly given the duration of most outsourcing
deals. If a development occurs, the customer must be able to adapt its policies, and as long as those policies are
 Outsourcing Master Services Agreement Drafting

applied in a non-discriminatory manner, the supplier should be required to comply with those updated policies.
Contention arises when the supplier is required to incur costs to change its processes. The supplier’s protection lies
in being compensated, but only where such compensation is appropriate.

For more information, see Compliance with Laws in Outsourcing.

Procedures Manuals

To ensure compliance, it is helpful to have a procedures manual. Procedures manuals are often used to describe
the method that the supplier will use to perform and deliver the services under the applicable SOW, and the
activities that the supplier will undertake in order to provide the services. This includes, without limitation, the
direction, supervision, monitoring, staffing, reporting, planning, and oversight activities normally undertaken to
provide services of the type that the supplier is to provide under the SOW. The procedures manual becomes a
living document to guide the performance of the services over the duration of the contract, including as the services
evolve over the course of the relationship.

Disaster Recovery Services

Contingency planning is a key aspect of every outsourcing deal. One approach to contingency planning is to
procure disaster recovery services from the supplier. This can be accomplished in different ways:
• The requirements for disaster recovery services can be set forth in the services description schedule to the
applicable SOW as a separate tower or sub-schedule thereto. This approach is common where the
customer is procuring finite and defined “hot site” support from the supplier; or
• The requirements can be set forth in the MSA referring to a separate disaster recovery requirements schedule
to the SOW. This approach is common where disaster recovery support is cross-functional and may apply
across a range of towers or services.

Disaster recovery services are typically charged by the supplier, so it is very important at the outset for the
customer to convey an expectation as to how it wants this to work. The expectation could be that disaster recovery
is “baked in” to the pricing for the services, which is often the case under the latter option above. The former
approach is commonly referred to as “hot site,” and is typically a separate line item.

Whether the desired approach is a disaster recovery plan managed by the supplier or a joint business continuity
plan, for which the customer may bear more responsibility, it is important for the plan to cover the critical personnel,
backup processes, operations, systems and processing used in the provision of the services. It must also cover the
process to restore and recover all individual systems, data, and applications to full operation in the event of a
failure, service interruption, or disaster. The parties should discuss each party’s options and rights in the event of an
extended disruption, as well as what actually constitutes an “extended disruption.” They should also discuss how
certain contractual terms will be impacted; for example: charges. If the disaster is not specifically addressed in the
disaster recovery plan, it may be appropriate to establish a default contractual right. For example, it could be that
either party would have the right to retain a third party to provide or restore services. That right might kick in as few
as 24 hours after the event, or even shorter depending on the nature of the services and the reality of an alternative
provider being able to step in with such short notice. The supplier might be held responsible for payment for such
replacement services from the third party for so long as the disaster continues, in which event the customer would
remain responsible for continuing to pay the supplier the charges associated with the services during such time. For
more information, see Business Continuity and Contingency Planning in Outsourcing.

Charges, Payments, and Taxes

The cost or charge for the services that the customer will pay the supplier, and the manner of payment, should be
stated in the SOW. The specific amount of charges is often set forth in an accompanying schedule of charges.
 Outsourcing Master Services Agreement Drafting

Charges for services rendered are best handled with the use of invoices and a default payment method that should
be indicated in the agreement. The default payment terms are typically a matter of corporate/procurement policy.
Although invoicing is a matter of corporate policy as well, it is often very important to customer entities that the
supplier remains on top of the invoicing process, for budgetary, tax, or other reasons. This is generally an
acceptable responsibility to pass along to a supplier, as the information required to prepare and submit a proper
invoice is typically within the supplier’s control.

The agreement between the parties should also address the party responsible for taxes; it is usually the customer
(with respect to foreseeable taxes on the services themselves). “Taxes” is typically defined as:

“Federal, state and local sales, use and other similar types of transfer taxes or fees (e.g., VAT), however
designated or imposed, which are in the nature of a transaction tax or fee, but not including any taxes, duties or
fees imposed on or measured by net or gross income or gross receipts, capital stock or net worth or in the
nature of an income, capital, franchise, or net worth tax.”

Qualified tax advisors should be consulted early in the process to determine how to best structure an outsourcing
deal, as the nature and extent of the services and the jurisdictions from which, and into which, the services will be
provided can have a significant impact on the deal, and any costs savings to be realized.

For more information, see State and Local Tax Issues in Outsourcing.

Benchmarking Process

During the course of the contractual agreement, it is prudent for the customer to monitor and ensure that the
supplier is providing the actual service agreed upon, and that charges are staying within reasonable limits. In order
to do this, a provision should be included in the MSA allowing the customer to engage a “benchmarker” to
benchmark service level specifications and charges for the services provided under each or any of the SOWs. The
purpose and results of the benchmarking process are to determine whether the charges and service level
specifications for selected services are competitive within a reference class of reasonably comparable customers.

While it may seem appealing to shift this cost to the supplier, or at least split the cost, it is usually in the best interest
of the customer to assume the cost of the benchmark in order to avoid any conflicts of interest and provide the
customer more control over the process.

Generally both service level agreements (SLAs) and charges are benchmarked, and other requirements are used
as comparators. They are typically variable in an outsourcing deal and both are pegged to industry norms that
change over time.

Service Level Credits

In some instances, if the supplier fails to provide the services in accordance with the service level specifications set
forth in the applicable service level agreement, a “service level credit” may be applied against the charges that the
customer owes to the supplier. The service level credits represent credits for the reduced value of the services, and
are not liquidated damages or penalties.

The characterization of service level credits as a remedy is often a point of contention in negotiation. The supplier
will typically want to consider the service level credits to be liquidated damages, thereby making them the
customer’s sole and exclusive remedy for any service level default. The problem with such an argument is that the
levels at which the service level credits are usually set are well below what would be considered to be an amount
“which is reasonable in the light of the anticipated or actual harm caused by the breach.” Therefore, such a
provision works as more of an additional limitation of liability, which is likely to undercompensate the customer for
the supplier’s breach. Accordingly, the customer will typically argue that the service level credit reflects that the
supplier should not be compensated fully for providing services at a level below that for which it had committed.
 Outsourcing Master Services Agreement Drafting

Remedies tied to the impact of the default are best left to a determination, perhaps by a court, after the fact, and the
customer should not be foreclosed from pursuing such a claim.

For more information on service levels and service level credits, see Service Level Methodology in Outsourcing and
Outsourcing: Scope, Service Levels, Risk Allocation, and Price.

Covenants, Representations, and Warranties

Most outsourcing agreements will include references to the terms “representations,” “warranties” and/or
“covenants,” so it is important to understand each concept and use them appropriately. When in doubt, it has
become customary to include all three for many of the representations and warranties, in order to give as much
protection to the customer as possible. For example, if the customer is unsuccessful in making the “representation”
argument in court, no harm has been done. If it is successful, on the other hand, rescission of the contract would be
a substantial remedy.
• Representation. A representation is an express or implied statement that one party to the contract makes to
the other before or at the time the contract is entered into regarding a past or existing fact. A claim that a
misrepresentation induced a contract might be pursued in fraud, either to rescind the contract or for
damages. In general, representations are focused on why the customer chose to enter into the deal – e.g.,
the absence of any IP infringement litigation.
• Warranty. A warranty is a promise, generally requiring strict compliance, that a proposition of fact is true at
the time of the contract and will be true in the future. It provides that something in furtherance of the
contract is “guaranteed” (which is typically stronger than a “mere” contractual obligation) by a contracting
party, often to give assurances that a service or deliverable is as promised.
• Covenant. A covenant is usually a formal agreement or promise in a written contract that is secondary to the
main reason for the contract. It is an undertaking to do or not do something in the future. A claim for breach
of a covenant may be for damages or specific performance (meaning that a court could order the supplier
to perform), or, potentially, if the covenant is important enough, for rescission or termination.

Covenants

The MSA may contain any number of covenants, depending on the specific concerns of the parties. For example,
the MSA should contain language conveying that the supplier will render services using personnel who have the
necessary knowledge, training, skills, experience, qualifications, and resources to provide and perform the services
in accordance with the agreement, and that services will be rendered in a prompt, professional, diligent, and
workmanlike manner, consistent with the industry standards applicable to the performance of such services. Below
are additional covenants appropriate in the outsourcing context.

Continuous Improvement; Technology; Best Practices

Language committing the supplier to diligently and continuously improving the performance and delivery of the
services is typically sought by customers because of the length of most outsourcing deals. In some areas, like
service levels, improvement can be legislated into the deal with specificity; in other areas, softer obligations which
articulate intent are the best a deal can accomplish. The more detailed the provisions are, the more easily they are
enforced. Similarly, the customer will want covenants from the supplier promising; (1) to use technology that meets
or exceeds industry standards; (2) to keep knowledgeable about changes and advancements in technology
necessary to perform the services; and (3) to use best practices in performing each service. Given the nature and
duration of an outsourcing arrangement, obligations such as these are often considered in order to impose at least
a “soft” obligation on the supplier, particularly where it is difficult to legislate the specific details into the agreement
(or more likely, the SOW).

Non-Solicitation
 Outsourcing Master Services Agreement Drafting

A non-solicitation provision should be provided in order to safeguard the customer’s employees, consultants,
customers, prospective customers, suppliers, vendors, landlords, or other business relations, and prevent any
interference with the business relationship between the customer and such person. The supplier will want this
provision to be mutual, although strict reciprocity is typically not possible, as a number of the customer’s exit
strategies will involve the customer hiring supplier personnel dedicated to performing services for the customer.

Export and Regulatory Approvals

In the export and regulatory approvals provision the parties agree not to use, distribute, transfer, or transmit any
products, software or technical information in violation of U.S. and other countries’ export laws, and the supplier
agrees to timely obtain and maintain all necessary approvals, licenses and permits applicable to its business and
the provision of the services. The MSA provision establishes a default which may be expanded, perhaps
significantly, under a SOW once diligence on the specific solution has been done and it is clear what the customer
will be providing to enable the services, and what the supplier will be providing as part of the services.

For more information, see Assessing Export Control Risk in Outsourcing.

Services Not to be Withheld

A “services not to be withheld” provision prohibits the supplier from voluntarily refusing to provide all or any portion
of the services that violate or breach the terms of the agreement and/or any SOW, as well as explicitly permits the
customer to seek injunctive relief in such an event. This provision is somewhat unique to outsourcing arrangements.
By their very nature, outsourcing deals involve a third party (the supplier) performing a critical IT function or
business process for the customer. As a result, the most leverage that a Supplier will be able to assert around any
issue which may arise is to suspend, or threaten to suspend, services. While that may be appropriate in very limited
circumstances which should be detailed in the contract, the impact of an unjustified cessation of the services far
outweighs any potential benefit to the supplier. As such, this provision, in conjunction with excluding any breach of
the provision from the limitation of liability, is intended to focus the supplier’s attention on any situation in which it
might elect to suspend the services.

Financial Covenants

Quarterly delivery of the supplier’s financial statements and prompt notification of a material event of default or
downgrade of the supplier’s unsecured debt rating is important for the customer, as the supplier’s corporate
financial performance could be an indicator of potential problems down the road. Since the supplier is performing a
critical IT function or a business process for the customer which is typically not easily, or quickly, portable to another
supplier, an early warning and appropriate remedies may be necessary to ensure that the customer continues to
have access to the services, from the supplier or otherwise.

Representations and Warranties

As is the case with other types of agreements, the MSA should include representations and warranties from both
parties. For example, when a party is a corporation, the MSA should represent that it is a corporation, duly
organized, validly existing, and in good standing under the laws of its incorporation state. Other standard
representations and warranties pertain to no default, no infringement, and consents. Ensuring that all required
consents have been obtained will be one of the focus areas of the pre-contract diligence process. Ideally,
everything will be identified and allocated to one party or the other as a result of that process, and documented in
the applicable SOW. As a provision of the services is the supplier’s core competency, it is reasonable that the
obligation to secure any consents required defaults to the supplier.

Data Processing and Transfers

Of particular mention is the supplier’s representation regarding the processing of personally identifiable information
(PII). PII draws specific attention, beyond confidentiality, because of the focus created by applicable privacy laws.
Almost all outsourcing deals involve some level of PII, with the customer facing or impacting services, raising the
 Outsourcing Master Services Agreement Drafting

focus to critical issue status. As such, the contract should include a statement by the supplier that, with respect to
any processing of PII, the supplier:
• Has full legal authority in each jurisdiction where PII will be processed to process such PII
• Will process such PII only on behalf of the customer as necessary to carry out its obligations under the
agreement, and only in accordance with the instructions of customer
• Will not process such PII for purposes incompatible with those for which it was collected or subsequently
authorized by the data subject –and–
• Has complied, and will comply, with all applicable privacy laws

“Process” is a term of art under applicable privacy laws. Typically, the customer is the data controller, and the
supplier is the data processor. An investigation of applicable privacy laws should be conducted, and in the MSA, the
term “privacy laws” should be defined so as to contemplate expansion over the duration of the contract. Pertinent
privacy laws could include:
• Applicable international, federal, state, provincial and local laws, rules, regulations, directives and
governmental requirements then in effect and as they evolve relating in any way to the privacy,
confidentiality or security of PII. For example, the Canadian Personal Information Protection and Electronic
Documents Act (PIPEDA); the Controlling the Assault of Non-Solicited Pornography and Marketing Act
(CAN-SPAM); the FTC Disposal of Consumer Report Information and Records Rule, 16 C.F.R. § 682
(2005); the law commonly known as the California Computer Security Breach Act (Cal. Civ. Code §§
1798.29, 1798.82 - 1798.84); California Assembly Bill 1950 (Cal. Civ. Code § 1798.81.5).
• Applicable industry standards concerning privacy, data protection, confidentiality or information security
currently in effect and as they become effective. For example, the payment card industry (PCI) data
security standard
• Applicable provisions of the customer’s privacy policies, statements or notices that are provided or otherwise
made available to the supplier

For more information on PII, see Privacy and Data Security in Outsourcing.

Compliance with Immigration Laws

Compliance with immigration laws is frequently relevant in offshore outsourcing transactions, since during transition
or even during steady state operations, the offshore supplier will typically engage foreign nationals to provide
services, at least temporarily, at the customer’s location or otherwise within the United States.

Open Source

As the use of “open source” has become more prevalent over time, this provision is currently evolving from a “will
not” to a “what happens when” requirement, with parameters around what is acceptable and what is not with
respect to the supplier’s incorporation of open source into the work product or any software used in connection with
providing the services. This provision will need to conform to the customer’s corporate policies on the subject, and
tailored to the particular services contemplated.

Transition

Detailed transition plan schedules should be included for each SOW setting forth:
• All transition services necessary to completely migrate the services to, or implement the services by, the
supplier
• An allocation of responsibilities between the parties for the performance of such transition services
 Outsourcing Master Services Agreement Drafting

• The transition of the administration, management, operation under and financial responsibility for applicable
third party agreements from the customer to the supplier
• The transition to the supplier of the performance of and responsibility for the other functions, responsibilities
and tasks currently performed by the customer (or by a third party on behalf of the customer) which
comprise the services
• Service level specifications applicable to the transition services –and–
• Such other information and planning that is necessary to ensure the transition takes place on schedule and
without disruption to the customer’s operations

Each transition plan should include critical success milestones and criteria for a milestone to be deemed achieved.
In addition, the plan should provide for a more seamless transition to steady state operations; one should consider
requiring the supplier’s “Transition Manager” to continue at his or her position until the successful completion of the
transition and for a period of time thereafter, or until he or she (1) voluntarily resigns from the supplier, (2) is
dismissed by the supplier for (a) misconduct or (b) unsatisfactory performance, (3) is unable to work due to his or
her death, injury, or disability, or (4) is removed from the customer assignment at the request of the customer.
Unlike the supplier’s contract manager, who might be replaced due to the long term nature of the relationship, there
is no valid reason why the supplier’s transition manager should not remain committed to a transition for its duration.
It is also recommended that the MSA provides for periodic progress reports during the transition period, and sets
forth the process for handling transition delays caused by the failure of the customer to perform its obligations.

The transition provision might also include a liquidated delay damage provision to offer an easy method for
allocation of damages, documentation of firm expectations for all parties involved, and avoidance of significant proof
issues. However, it is important to note that the law generally does not permit the assessment of a “penalty” (i.e.,
punitive) under a contract. The determination of whether a contractual provision for damages is a valid liquidated
damages provision or an unenforceable penalty clause is a question of law. There is no fixed rule applicable to all
liquidated damage agreements, and each one must be evaluated by its own facts and circumstances. Therefore, it
is important to consider this when setting the damages, whether using percentage of fees or actual dollar amounts,
since if the damages are set unreasonably high, they might be unenforceable. Conversely, liquidated damages
must not be set too low, since they should reflect the damages “likely to be sustained,” and by definition will
constitute the customer’s sole and exclusive remedy for delay. This means that the customer will not be permitted
to collect the damages and also sue for additional damages, even if it is harmed to a greater extent than the
liquidated damages amount. In effect, damages have been pre-agreed.

Governance and Personnel

Since an outsourcing deal involves more of a relationship than a fee for goods or services, governance policies and
procedures that define how the relationship will be managed, both at the contract level and at the project/SOW
level, are critical. An “account governance” exhibit and schedule should be set forth to detail how governance will
be managed. The exhibit will define how the relationship will be managed at a high, general, and executive level,
and the SOW schedule will define how each project, or the specific services under the SOW, will be managed. For
more information see Governance in Outsourcing.

A balance must be struck between the customer’s and supplier’s interests with respect to contract managers and
other key personnel. The supplier will generally want the right to change its contract managers at any time to allow
for promotions within the organization and to shift “high performers” to more critical or profitable relationships. The
customer would prefer to have the same supplier contract manager for the duration of the contract, because it does
not want to lose effective personnel assigned to the account in favor of a less experienced individual. If the
relationship is proceeding smoothly, the customer may attribute this to the effectiveness of the supplier contract
manager’s management. Negotiation typically results in a compromise, usually a 24-36 month commitment to
maintain the same contract manager.
 Outsourcing Master Services Agreement Drafting

In addition to specific concerns around changing contract managers, the customer will also want to include
language in the contract stating that key personnel may not be transferred or re-assigned until the customer has
approved a suitable replacement. Furthermore, it will want any replacement of key personnel to be conducted in
accordance with a mutually agreed upon transition plan. The transition plan must include:
• Technical requirements, if not already defined
• A timetable for integration of the replacement personnel into the key supplier position –and–
• A replacement methodology designed to minimize the loss of knowledge as a result of losing the key
personnel

The customer will also want the supplier to assume all costs and expenses associated with the departure or re-
assignment of all key personnel, and the development and implementation of the transition plan, including costs
and expenses associated with “knowledge transfer,” integration, and training of replacement personnel.

For personnel other than key personnel, the customer may be interested in having the supplier track and report to
the customer the turnover rate of the supplier’s employees and subcontractors. This is the case for labor or team
intensive services in particular; for example, call centers. The contract can also commit the supplier to maintain a
prescribed turnover rate per year so as to ensure that the supplier provides adequate incentives, including
compensation, to its personnel in these areas in order to entice them to remain in the supplier’s employ and
committed to the customer engagement. See Labor and Employment and Employee Benefit Issues in Outsourcing.

Subcontractors

In the course of fulfilling its service obligations to the client, the supplier may want to use subcontractors. As such,
the MSA should include language that the supplier will not subcontract any portion of the services without the prior
written consent of the customer. Negotiation of this provision, and the customer’s consent right, is typically
contentious, but primarily because the scope of its application is misunderstood by the supplier at the outset. A
subcontractor is someone engaged by the supplier to provide or perform (or assist supplier in providing or
performing) a portion of the services. It is not someone engaged by the supplier to support its business or
operations generally. Because the customer has selected the supplier, and not another supplier, to perform the
services, the customer is typically apprehensive about allowing the supplier to downstream any portion of the
services, despite the supplier’s assurances that it will manage and remain on the hook for any breach by a
subcontractor. An outsourcing deal establishes a relationship; the customer intends that relationship to be with the
supplier and not some unknown subcontractor, unless the customer agrees to the designation.

Language should also be included stating that prior to subcontracting any of its obligations under the agreement,
the supplier must obtain contractual assurances from each subcontractor sufficient to enable the supplier to comply
with the provisions of the MSA. The contractual assurances are usually focused on the following:
• Protection of the customer’s company information, including PII. The standard here is typically at least as
strong as, and consistent with, the applicable confidentiality requirements of the agreement
• Assignment to the customer of any intellectual property rights to the extent that such rights are to be assigned
to, or owned by, the customer pursuant to the terms of the agreement
• Compliance with the security requirements and other security-related obligations under the agreement
• Service level requirements relating to the services performed by a supplier subcontractor that are no less
stringent than the service level specifications imposed on the supplier itself

The latter requirement is to provide for the success of the subcontractor, as opposed to establishing remedies in the
event of defective performance. The customer would already have such remedies through the supplier via the
original service level specifications.

The MSA should require that each subcontract contain provisions specifying that the supplier subcontractor
specifically agrees that the supplier will have the right to assign such subcontract to the customer. The right to
 Outsourcing Master Services Agreement Drafting

assign the subcontract is particularly relevant where the ongoing performance of the subcontractor is part of the
customer’s exit strategy in the event of a termination of the agreement (or any SOW), in whole or in part.

Inspections and Audits

In order for the customer to have oversight of the services being performed by the supplier, it is important to
stipulate that the supplier must maintain clear and accurate records and supporting documents pertaining to a
number of different aspects of the services being provided, and that it will allow for periodic inspections and audits
of its operations. The records and supporting documents should include:
• All charges and financial matters under the agreement
• All other transactions, reports, filings, returns, analyses, work product, data and/or information created,
generated, collected, processed or stored by the supplier and/or the supplier’s representatives in the
performance of the services
• Supplier’s internal controls relating to the services and those controls provided for in any statement of work to
be executed by the supplier and relating to the customer’s control over the supplier’s activities

The actual list of items subject to operational audit is typically determined by the customer’s “Compliance” or
“Internal Audit” group, and may vary greatly among companies of different sizes or within different industries,
regulated or otherwise. The list is usually fairly expansive, including verification that the services comply with
customer compliance requirements, examination of security, disaster recovery and back-up practices and
procedures, and other aspects that are of concern to the customer. The supplier will generally want to place some
parameters around the scope of the operational audits. The supplier should also allow for financial audits and
inspections in order to verify the accuracy and completeness of the supplier’s invoices and charges, and this right
should extend for a period of time following the expiration or termination of the Agreement.

In addition, it should be stipulated that the supplier will provide to the customer at its request, and for no additional
compensation, all reports, opinions and certifications that the customer reasonably deems necessary or desirable to
support the review, audit, and preparation of audit reports. This provision, and the specific supplier audit reports,
opinions and certifications required, are typically quite detailed, and will outline not only the specific procedures and
protocol to be followed, but also specific timing requirements and steps to be undertaken in the event of any
contingency arising during the process. That said, these are typically fairly standard audits and reports that any
service provider providing services of the nature and scope as defined under the contract should already have in
place. For example, the required annual audit might be a Type II Service Organization Controls (SOC) audit
pursuant to Statement on Standards for Attestation Engagements (SSAE) No. 16 or International Standard on
Assurance Engagements No. 3402 (or successor to such standard).

If the Supplier is unable to timely deliver to the customer the required report, opinion or certification, the supplier is
typically required to:
• Provide the customer with a written statement describing the circumstances giving rise to any delay
• Immediately take such actions as shall be necessary to resolve such circumstances and deliver the required
report, opinion or certification as promptly as practicable thereafter –and–
• Permit the customer and its external auditors to perform such procedures and testing as are reasonably
necessary for their assessment of the operating effectiveness of the supplier’s controls and of the
customer’s internal controls applicable to the services and the related business functions of the customer

The amount of prior notice required for an audit is always a point of contention, as the timing seeks to balance the
customer’s right to address a potential issue promptly with the supplier’s desire to prepare for any audit, and
perhaps address any issue before the customer is even aware that it actually exists.

Technology and Intellectual Property Rights

 Outsourcing Master Services Agreement Drafting

Technology

The ownership, operational, and financial responsibility for the purchase and maintenance of equipment, software,
and other assets used in connection with the outsourcing services are either set forth in a technology provision in
the MSA or in an “Asset Allocation Matrix” schedule to each SOW. This provision, or the related provisions in the
SOW, can be quite detailed, in particular in an IT outsourcing arrangement. Issues typically addressed include
technology refresh responsibilities, software currency requirements, and maintenance of all technology
components. Refresh responsibilities involve disposing of displaced or outdated assets, and replacing them with
“refreshed” assets pursuant to an agreed refresh schedule.

The supplier is typically required to maintain reasonable currency of maintenance releases and versions of supplier
software and customer software to which the supplier is granted a license. “Reasonable currency” is generally
defined, and might require that the supplier has installed the maintenance release of the applicable software that is
at least within one release of the most current commercially available release of such software within the time
frame.

Customer and Supplier Software

The initial list of software owned or licensed by the customer, if any, that is necessary for the supplier to use to
perform the services should be identified in a “Customer Software” schedule to each SOW, which can then be
updated, if needed. It should be stipulated that the customer will retain all of its right, title and interest in and to its
software. However, the customer should grant to the supplier a non-exclusive, non-transferable and fully paid-up
license during the term of the agreement to use, maintain, modify and enhance, the software, but only for the
purpose of providing the services as required under the agreement.

The supplier should list any of its own software that will be necessary to perform the services in an equivalent
“Supplier Software” schedule to each SOW, and should grant to the customer a nonexclusive, worldwide, perpetual,
irrevocable, paid-up license to exploit the software and any other materials provided by or through the supplier
pursuant to the agreement during the term and thereafter. While at first glance this provision might seem
unbalanced, it is important to recognize that the supplier is performing a critical function of the customer’s business
by virtue of the outsourcing arrangement. The customer performed the function itself, or through a third party, prior
to the deal, and will do so upon termination or expiration. As a general rule, the customer will not want the supplier
to build a proprietary platform that it will not be able to take over following the end of the agreement or applicable
SOW. However, there are exceptions to every rule. The key is ensuring that a conscious decision has been made
that the benefit provided under the exception outweighs the detriment of the loss of portability, in whole or in part.

Intellectual Property

The customer should ensure that the MSA grants it ownership of all right, title and interest in and to the work
product created by the supplier, including all intellectual property (IP) rights therein. Furthermore, it should be
expressly acknowledged that the parties have agreed that all aspects of the work product and all work in process in
connection with the work product are to be considered “works made for hire.”

In a cloud-based outsourcing transaction, while the customer may assume that it owns the data that the cloud
supplier collects, uses, and processes on its behalf, the contract should nevertheless detail ownership and data
usage rights. Broadly define “company data” to include all data or information provided by, or accessed or collected
from or through the company and its systems, and all data resulting from the processing, generation, or aggregation
of such data or the performance of the services. The contract should also expressly limit the supplier’s right to use
such data. For more information, see Cloud-Based Outsourcing.

Furthermore, the customer will typically not want its clear rights to the work product tainted in any way by the
inclusion of pre-existing materials owned by the supplier or third parties. If other benefits exist, like cost or
functionality, the customer might elect to consent to such inclusion, but this election would need to reflect a
conscious decision. The trade-off for allowing the inclusion of pre-existing materials in the work product is the grant
of broad license rights in favor of the customer.
 Outsourcing Master Services Agreement Drafting

The customer will also want a provision granting it perpetual, irrevocable, worldwide, non-exclusive, and royalty-free
right and license in the supplier’s patent rights. The reason for the patent license parallels that set forth above with
respect to supplier software. Since the supplier is performing a critical function of the customer’s business, and the
customer will expect to perform the function itself (or through a third party) upon termination or expiration, the
customer will not want the supplier to be able to encumber the customer’s right to re-assume the function. The right
may be narrowed by not tying it to any particular technology, but to the customer’s right to continue its core
business.

On the other hand, the customer will retain exclusive rights to any trademarks, trade names and logos under which
the customer markets its goods or services, together with its copyrights, know-how, patents, and any other IP rights.
The customer will also require that the supplier obtain prior approval for each use of any customer marks.

With respect to the supplier’s personnel, those who provided services to the customer will usually be permitted to
use their knowledge and skills based upon “residuals”, but not disclose such information to any third party. The term
residuals is meant to encompass general knowledge, know-how and experience, including processes, methods,
techniques and concepts developed, conceived or acquired by the supplier personnel in connection with the
services that may have been retained in their unaided memory. This should be clearly distinguished from any
intentional memorization or any information that would violate any part of the agreement, including confidentiality
obligations.

Confidentiality and Data

A robust confidentiality provision is essential to the MSA, as both the supplier and customer may possess and
continue to possess company information of commercial value in the other party’s business which is not in the
public domain. “Company information” should be defined so as to include confidential information and trade secrets,
and in the case of the customer, customer data as well. Customer data typically includes, as applicable:
• Data and information generated, provided or submitted by, or caused to be generated, provided or submitted
by, the customer in connection with services
• Data and information regarding the business of the customer collected, generated or submitted by, or caused
to be generated, provided or submitted by, supplier and/or any supplier representatives
• Data and information processed or stored, and/or then provided to or for the customer, as part of services,
including, without limitation, data contained in forms, reports and other similar documents provided by
supplier as part of services –and–
• Personally identifiable information

Both parties should agree to hold as confidential and refrain from unauthorized storage and disclosure of the other’s
information. Each party should use the same level of care –including both physical security and electronic security–
as they do to protect their own similar information, but in no event less than a reasonable standard of care.

Furthermore, it should be explicitly stated that all of the customer’s company information is the customer’s exclusive
property regardless of any access that the supplier may have to it, which should be limited to only use necessary to
perform the services. Language should be included that the supplier must furnish any such information upon the
customer’s request. This clarifies the customer’s ownership of its data, that recovery of the data cannot be held
hostage by the supplier (for payment or otherwise) and that, whether practical or not, the customer can obtain the
data at any time.

Security

In order to ensure confidentiality, the supplier should be required to implement certain security and safeguard
measures. These will typically include:
 Outsourcing Master Services Agreement Drafting

• Establishing an information security program with respect to PII and other customer data which: (a) ensures
the security and confidentiality of such PII and other customer data; (b) protects against any anticipated
threats or hazards to the security or integrity of such PII and other customer data; and (c) protects against
any unauthorized use of or access to such PII or other customer data –and–
• Establishing and maintaining network and internet security procedures, protocols, security gateways, and
firewalls with respect to such PII and other customer data

Security protocols and procedures are typically organizational in nature. No single customer is going to determine
all of the security that will be implemented and managed by the supplier. The supplier will have its own security
surrounding the services that it offers to the marketplace. As its core business, hopefully the level of security
maintained by the supplier will be robust and extend well beyond anything that the customer might choose to
require of the supplier. Ascertaining that level of security should be part of the diligence process. Once determined,
the approved level of security afforded by the supplier should be established as the baseline, and the parties should
work together to meld that level of protection with the additional security requirements that the customer may need
to add into the mix.

The customer security requirements applicable to the services are typically set forth in a schedule to the applicable
SOW, rather than in an exhibit to the MSA, because the requirements are more likely to be tailored to the specific
services than generic in nature. However, it is sometimes appropriate to set forth some of the security requirements
that may apply across the range of potential services covered under the contract in an exhibit to the MSA, either
separately or as part of the customer policies exhibit. The customer security requirements schedule to the SOW can
then be used to drill down on the specific requirements that may apply to the specific services covered under the
SOW. In such cases, it is important to define both sets of requirements collectively as the “security requirements.”

Security risks are not static over time; accordingly, it is critical that regular security assessments and follow-up
adjustments to the security measures and procedures be performed to address the evolution of each risk. Periodic
assessments should focus on:
• Identification of internal and external threats that could result in a security breach
• Assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of the
data and systems managed by the supplier –and–
• Assessment of the sufficiency of policies, procedures, and information systems of supplier and supplier
representatives, and other arrangements in place, to control risks

Security Breach

Even with such safeguards, however, a notification procedure requiring the supplier to give prompt notice to the
customer should be established in the event that there is a security breach. Notifications involving a security breach
typically follow a different path than other legal notices under the contract. If the customer has a Chief Information
Security Officer (CISO) or a Chief Compliance Officer (CCO), these notifications will likely go to that individual.

In response to a security breach, the supplier may be required to remedy the situation by:
• Performing a root cause analysis on the security breach
• Investigating such security breach
• Providing customer with a remediation plan (which the customer might have the right to approve) to address
the security breach and prevent any further incidents
• Remediating such security breach in accordance with such approved plan
• Conducting a forensic investigation to determine what systems, data and information have been affected by
such event –and–
• Cooperating with customer and, at customer’s request, any law enforcement or regulatory officials, credit
reporting companies, and credit card associations investigating such security breach
 Outsourcing Master Services Agreement Drafting

Security breaches over the past decade or more illustrate the public relations nightmare which can result for the
entity with the most direct relationship with the individual(s) whose Personally Identifiable Information has been
compromised. Since the outsourcing supplier is typically behind the scenes, this is almost always the customer.
Accordingly, the customer should have the final decision on notifying its customers, employees, service providers,
and/or the general public of the security breach, and the implementation of the remediation plan.

For more information see Privacy and Data Security in Outsourcing.

Termination

Typically, the customer will have the right to terminate the agreement or any SOW, in whole or in part for a number
of possible reasons, including, but not limited to: material or persistent breach, convenience, insolvency, supplier
change of control, failure to meet milestones or benchmarks. In the event that the customer terminates for
convenience there will be an associated termination fee. Note that the length of the notice period can affect the size
of the termination fee, as longer notice periods tend to give the supplier more time to address any financial/cost
issues.

Somewhat unique to outsourcing deals is the customer’s right to terminate in the event that the supplier incurs
direct damages to the customer in excess of a certain percentage of the defined “Supplier Direct Damages Cap.”
Given the long term nature of the deal, and the general business criticality of the services, the customer should not
be forced to live with an arrangement in which there is not adequate recourse pursuant to the established cap.
Technically, the termination right is under the supplier’s control, as it only exists if the supplier elects not to reset the
cap to provide for more financial recourse. Although not technically a termination for cause, there is no termination
fee, as it is also not a termination for convenience.

The customer may also want the right to terminate in the event that any critical transition milestone fails to be
achieved. This termination right typically contains a fair amount of detail, based upon how the initial transition is
likely to occur, and provides a separate set of rights (termination of a SOW, but not the Agreement) for subsequent
transitions. Notwithstanding the supplier’s arguments to the contrary, cure rights are generally not provided with
respect to “Critical Transition Milestone Failure,” or at least not with respect to the final milestone date. Technically,
it makes sense that a failure would not be curable, since the clock cannot be turned back so that the supplier could
cure. What the supplier would argue for here is a grace period. However, so much goes into a launch (e.g., cutover
from an existing service provider, employee and other transitions, etc.) that the disruption caused by a last minute
schedule change is likely to be difficult, if not impossible to overcome. In a smaller, less critical, deal, a grace period
might work; however, a better option might be to build contingencies into setting the original critical transition
milestones. One should plan for success rather than provide for failure.

While drafting customer termination language is fairly straightforward, building a structure which contemplates a
termination in part and defining the nature of the relationship after termination is more difficult. Most of this will be
set forth in the SOW and the schedules thereto. Of most relevance will be the service descriptions, which define
separable services and cross-functional services, and the charges schedule, which must contemplate the impact on
the contents thereof in the event one of more portions are removed. For example, if there are three services towers,
it is unlikely that if one of them is terminated, pricing will go down by one-third. For maximum success, these
different variations should already be built and reflected in the SOW.

Supplier termination is not reciprocal, and for good reason. By their very nature, outsourcing deals involve a third
party, the supplier, performing a critical IT function or business process for the customer. As a result, any
termination right that the supplier may be able to assert provides substantial leverage to the supplier around that
issue. For that reason, non-payment of a material amount over a material period of time is typically the only basis
for the supplier to be granted a termination right. Otherwise, the impact of the termination on the customer under
lesser circumstances will far outweigh any potential benefit to the supplier.

Termination Assistance Services and Other Rights Upon Termination

 Outsourcing Master Services Agreement Drafting

Termination assistance services often receives far less attention than it deserves from the business team, and this
plays directly into the hands of the suppliers, as failure to properly address tasks and charges often makes
termination difficult, or much more expensive. The lawyers can craft pleasant language around support and
cooperation, but without careful thought devoted to what will actually happen at transition, that language will almost
always fall short of protecting the customer’s interests. No one wants to talk about breaking apart a relationship at
the time that it is being put together, but a supplier that is about to lose the customer’s business on the back end is
also not likely incentivized to be reasonable and accommodating to the customer’s need to exit cleanly.
Unfortunately, in many outsourcing deals, the termination assistance services schedule is one of the shorter
schedules, when it should be one of the longer ones. See Termination Assistance Services in Outsourcing.

The MSA should include a provision establishing each party’s rights upon termination of the agreement or any
SOW. Like the preceding section, this provision deals with the exit strategy, and what must happen to the
infrastructure, both technology and human, used to provide the services. The terms can vary widely based upon the
actual implementations anticipated and the exit strategy envisioned. It establishes default provisions that may be
reaffirmed or overridden at the SOW level, so it should generally reflect the usual case anticipated by the customer
and against which the supplier should bid, if it is responding to an RFP. Otherwise, the supplier should be prepared
to explain its deviations, and the justification therefor, to the customer.

Dealing with the transfer of employees at the beginning or end of a relationship is a much more complicated topic
than the transfer of technology, especially in a global outsourcing deal. Particularly when the employees are in
Europe and the Transfer of Undertakings (Protection of Employment) Regulations (TUPE) or the EU Acquired
Rights Directive are implicated. Many of the same issues as are dealt with when entering an outsourcing
relationship must also be addressed upon exit. See Labor and Employment and Employee Benefit Issues in
Outsourcing.

Liability, Indemnities, and Damages

Most outsourcing agreements will include references to the terms “indemnification,” “defense” and/or “hold
harmless,” so it is important to understand each concept and use them appropriately. These are all insurance law
concepts that are often used without a good understanding of the implications, including by lawyers. In short:
• To “indemnify” is to provide security for financial reimbursement to an individual in case he or she incurs a
specified loss. Insurance companies indemnify their policyholders against damage caused by such things
as fire, theft, and flooding, which are specified by the terms of the contract between the company and the
insured. That is why indemnity clauses tend to be very wordy and contain a lot of legalese.
• “Defense” requires the indemnifying party to engage attorneys and manage any litigation or other
proceedings.
• To “hold harmless” someone is to promise to pay any costs or claims which may result. Such an obligation
backstops the indemnity and defense by, for example, covering the indemnified party for any subsequent
fall-out (e.g., unknown lawsuits or claims) stemming from the covered claim and/or its settlement.

Limitations of liability go to the heart of the risk profile for a particular deal, from both the customer side and the
supplier side, so the provisions on liability in an agreement can vary widely between deals.

The customer should carefully consider the risk profile it desires up front, including it in the request for proposal if at
all possible. It is better to insist that the prospective supplier’s pricing reflect the risk profile when the supplier is still
in sales mode, rather than later when the supplier has already been down-selected and the flexibility of the
customer to switch prospective suppliers has been reduced, either because of timing or other business
considerations.

It is important not only to exclude certain damages from the limitations on liability, but also to make clear that when
tracking against a liability cap, these damages are not applied to reduce the amounts available to other permitted
damages claims. Most agreements provide that recoverable damages are limited to direct, or actual, damages.
 Outsourcing Master Services Agreement Drafting

Although there will be extensive case law available to the parties in practically every jurisdiction to help them define
direct damages, it is generally unwise to leave the issue entirely to an “after the fact” determination. Therefore,
many customers will choose to define the term in the contract in order to pick up likely damages that may be open
to dispute. Such damages might include, for example:
• Cover costs. This includes the additional costs incurred by the customer over the charges set forth in the
agreement (a) to transition to and obtain services which are the same as, or substantially similar to, the
services from another provider or providers; (b) to perform services in-house which are the same as or
substantially similar to the services; or (c) a combination of the foregoing.
• Costs incurred by the customer to correct any deficiencies in the services provided by the supplier
• Service level credits
• Fines, penalties, and interest assessed against the customer
• Damages arising out of or in connection with the breach
• Losses covered under a party’s indemnification obligations

An indemnity obligates a party to compensate the other party for losses or damages set out in the provision. This
compensation is separate and apart from other contractual obligations and damages. For this reason, an indemnity
is generally not a substitute remedy for a “normal” breach of contract scenario, but is reserved for extreme
circumstances or situations in which one party has virtually sole control over the subject matter and the information
necessary to prove or disprove the claim, and thus likely the most interest in the outcome as well. However,
theories may vary widely about the appropriate scope of any indemnity. As a result, this provision is typically one of
the more contentious ones faced in the negotiation of an outsourcing contract. Indemnification may also be one of
the more detailed provisions, as it is grounded in insurance law concepts. It will be important to define what is
included in the scope of the indemnity and what is excluded, because recovery under an indemnification clause is
typically excluded from the limitation of liability clause, or culled out into a separate or “super” cap covering certain
types of liability.

Insurance and Risk of Loss

The MSA should include a requirement that the supplier and its contractors maintain insurance for the duration of
the outsourcing relationship. A customer risk management group or other qualified external advisors should be
consulted early in the process of determining the risk profile for the outsourcing deal, as well as the types and levels
of insurance to be required from the supplier and its subcontractors. The advice will extend not only to the
insurance provision, but likely to many of the other provisions of the contract, such as the indemnities and
limitations of liability. The customer will also want the supplier’s subcontractors to maintain insurance. Such pass-
through of the insurance obligation to the supplier’s subcontractors is typically a point of contention, but will
ultimately be decided through consultation with the customer’s risk management advisors. Best practice is to
provide for the pass-through with respect to true subcontractors who are approved to perform a subset of the
functions assigned to the supplier.

For more information, see Insurance in Outsourcing.

Dispute Resolution

As is the case with most contracts, the MSA should include provisions outlining the agreed upon approach to
dispute resolution. An accompanying exhibit will set forth the specific dispute resolution procedures. Except where
prevented from doing so by the matter in dispute, the supplier should agree to continue performing its obligations
while any dispute is being resolved until such obligations are terminated or the agreement expires. Typically, the
laws of the jurisdiction with which the customer is most closely connected is selected as the governing law;
however, qualified local counsel should review the agreement in its entirety for enforceability of the provisions.
 Outsourcing Master Services Agreement Drafting

Along the same lines, the jurisdiction with which the customer is most closely affiliated is typically selected for
bringing suits, actions, or other proceedings. The parties may also wish to consider an alternative form of dispute
resolution, like arbitration.

For more information, see Dispute Resolution and Remedies in Outsourcing; and Litigation vs. Arbitration in
Outsourcing Chart.

Force Majeure

A Force Majeure Event typically means an event(s) meeting both of the following criteria:
1 Caused by any of the following: (a) catastrophic weather conditions or other extraordinary elements of nature
or acts of God (other than localized fire or flood); (b) acts of war (declared or undeclared), acts of terrorism,
insurrection, riots, civil disorders, rebellion or sabotage; and (c) quarantines, embargoes and other similar
unusual actions of federal, provincial, local or foreign governmental authorities; and
2 The non-performing party is without fault in causing or failing to prevent the occurrence of such event, and
such occurrence could not have been prevented or circumvented through the use of commercially
reasonable alternative sources, workaround plans or other means (including, with respect to the supplier,
by the supplier meeting its security and disaster recovery obligations described in the agreement).

Force Majeure Events generally do not include (a) vandalism, (b) the regulatory acts of governmental authorities,
(c) the supplier’s inability to obtain hardware or software, on its own behalf or on behalf of the customer, or its
inability to obtain or retain sufficient qualified personnel, except to the extent that such inability to obtain hardware
or software or retain qualified personnel results directly from the causes outlined above, or (d) any failure to perform
caused solely as a result of a party’s lack of funds or financial ability or capacity to carry on business.

Since a force majeure event may prevent or delay a party from its obligations under the MSA, the parties should
contemplate what will happen in the event of an extended event. Should the customer be permitted to procure the
affected services from other sources; if so, should this be permitted temporarily or permanently? Typically, the
parties will establish a timeframe after which the customer may procure replacement services from an alternate
source. The timeframe is based upon the criticality of the affected services to the customer and the ability of the
customer to procure such services elsewhere; therefore, it can vary widely. In the event that substitute services are
procured, either: (1) the supplier will be liable for payment for such replacement services from the alternate source
for so long as the delay in performance continues, and the customer will continue to pay the agreed charges; or (2)
the customer will pay for the replacement services, but will be released from its obligation to pay the applicable
charges. The parties should then also provide for a timeframe after which the customer may immediately terminate
the agreement as a whole, or any affected SOW. See Business Continuity and Contingency Planning in
Outsourcing.

Related Content

Practice Notes

• Outsourcing Considerations and Planning

• Outsourcing Negotiation Plan Preparation

• Outsourcing Contract Due Diligence

• Outsourcing: Scope, Service Levels, Risk Allocation, and Price

• Outsourcing Procurement Solicitation Process

 Outsourcing Master Services Agreement Drafting

• Service Level Methodology in Outsourcing

• Compliance with Laws in Outsourcing

• Business Continuity and Contingency Planning in Outsourcing

• State and Local Tax Issues in Outsourcing

• Assessing Export Control Risk in Outsourcing

• Privacy and Data Security in Outsourcing

• Governance in Outsourcing

• Labor and Employment and Employee Benefit Issues in Outsourcing

• Cloud-Based Outsourcing

• Termination Assistance Services in Outsourcing

• Insurance in Outsourcing

• Dispute Resolution and Remedies in Outsourcing

Annotated Forms

• Master Services Agreement (Customer)

• Litigation vs. Arbitration in Outsourcing Chart

• Statement of Work

• Statement of Work Clauses

• Definitions Clauses

Checklists

• Outsourcing Transactions Key Issues Checklist

End of Document