How Should IT Services Be Described in a Contract?
A contract with a supplier to provide managed IT services to specific service levels will often include detailed schedules to define the service requirements. The service schedules typically include:
- Security standards, including any necessary certification, such as ISO/IEC 27001
- Service-management standards, including any necessary certification, such as ISO/IEC 20000
- Technical requirements for interfacing services
- Requirements for interfacing ITSM processes
- Security requirements
- Service-desk requirements
- Performance-reporting requirements
- Service levels
- Key performance indicators
- Service-review requirements
Contract Management Techniques
How Should Contract Management Address Compliance?
Following the award of a contract, contract management should periodically check both the supplier and the customer are complying with the contractual requirements, terms and conditions. Contract compliance checks should not wait until issues are identified, as the parties may not become aware of these until after the contract has been awarded. It is particularly critical for contract management to check compliance of financial details of the contract, including payments, revenue and incurred costs, as these can directly affect margins. A contract-management-compliance audit should start with a review to identify the areas of highest risk to the organization. There is a risk that overzealous compliance audits can damage the customer-supplier relationship. Contract management, therefore, should use a compliance approach to identify improvement opportunities to benefit both parties, and should not try to apportion blame. A useful compliance approach in contract management is to create a governance structure in which both parties have a vested interest in managing what are often highly complex contractual arrangements in a more collaborative, aligned, flexible and credible manner. The governance structure for contract management should define how the parties work together to make both day-to-day operational and strategic decisions. The structure should include a process to track jointly the overall performance of the relationship and to review regularly exit planning as well as activities to check compliance of specific controls and regulations, including traditional contract-compliance audits.
Contract Management in IT
A typical IT department will use goods and services provided by many different suppliers, under the terms and conditions of several different types and forms of contract. Each of these will require different levels of contract-management activities, ranging from none to substantial. Even if an organization has a dedicated procurement function with responsibility for agreeing, signing and managing contracts, IT must still be aware of any of its contractual obligations.
“Off-the-shelf” consumable sales contracts
Sales contracts to buy “off-the-shelf” goods, such as memory sticks, effectively end once the goods have been delivered. There is no need to manage this type of contract; however, IT should check the details of the contract to ensure it has no continuous liabilities with the supplier.
“Off-the-shelf” software sales contracts
A sales contract for software can seem similar to a contract for buying consumables, but most software contracts include continuous requirements for IT concerning license management and ownership of the application. The terms of this type of contract often state that the supplier retains ownership of the application software; the customer has just purchased a license to use it. If IT isn’t aware of these contract requirements and doesn’t manage compliance with them, then the organization could face legal action.
Bespoke software development contracts
Any contract with a supplier to develop bespoke software should include clauses defining who owns the rights to the developed software. The contract might specify that the supplier owns the software assets, even though the customer paid for the development, or that ownership passes to the customer once payment has been made. IT must understand the terms of ownership, especially if IT subsequently amends the software for its specific use or need. ITSM asset management must be clear about the ownership of the assets, so that it is reflected in its asset management database. IT must also understand the supplier’s responsibility for support and maintenance, so that IT can avoid unduly pressuring a supplier to resolve an issue for which it is not responsible according to the contract, and so that the appropriate amount of effort is expended to manage the contract.
Service-based contracts
Contracts stipulating a supplier provides continuous services to IT require the highest level of contract management, including contracts for services, such as application support, hardware maintenance, wide-area network provision, outsourced fully-managed services and facilities management. The level of contract management will vary according to the criticality of the service provided to IT and the organization, the quality of the supplier and its services and the contract requirements.