Chicago recently experienced its first dust storm since 1934, resulting in low to zero visibility in some parts of the city.
Outsourcing and technology deals are increasingly done in “dust storm-like” conditions, with low to zero visibility into a wide range of issues, ranging from geopolitical to economic to regulatory and beyond. Navigating through these conditions requires clarity—including contractual clarity—on consistent core principles, creative thinking about resiliency, a flexible framework for decision-making, and an action plan you can implement in the worst-case scenario.
Describing Core Principles
The core principles should be clear, concise, and deal-specific. Consider the following non-exhaustive factors when identifying the core principles for your outsourcing or technology contract:
- Identify What is Essential: Determine what is essential, taking into account the impact a technology/service disruption would have on the customer’s business
- Know Your North Star: Align on the objective or metric that will guide all decision-making, whether it be safety, integrity of the financial systems, legal compliance, parity with others in the same industry or market, or another relevant metric
- Allocate Scarce Resources: Set expectations with respect to prioritization relative to other users of technology or services, either based on the industry, degree of dependency, size of the account, or other relevant factors
The Rise of Resiliency
“Resilience is accepting your new reality, even if it's less good than the one you had before.” – US attorney and activist Elizabeth Edwards
Outsourcing and technology contracts often contain nuanced provisions addressing changes in law, force majeure events, cybersecurity incidents, and other eventualities, all designed to put in place appropriate plans and processes to manage foreseeable adverse scenarios and allocate related risk.
While “traditional” contractual mechanisms for dealing with adverse events remain important, resiliency as a whole is increasingly regulated, but on a targeted industry-by-industry, jurisdiction-by-jurisdiction basis (e.g., regulated of digital operational resilience of the financial sector in the European Union through the Digital Operational Resilience Act (DORA)).
Industries and jurisdictions that are not (or may not yet be) subject to resiliency-focused regulations should consider leveraging extensive work done in the regulated industries or jurisdictions in connection with these regulations for the benefit of the broader customer base. For example, a technology provider servicing the financial sector would have implemented changes to the supply chain necessary to achieve DORA compliance. The resiliency of this stronger supply chain may, in turn, increase the resilience of an automotive manufacturer using that same technology.
Developing A Generally Applicable Framework For Decision-Making
“Plans are nothing; planning is everything.” – US President Dwight D. Eisenhower
Consider supplementing existing contractual and regulatory mechanisms that address likely adverse developments and resilience topics with a decision-making framework based on the core principles described above. In other words, if there is no relevant plan or procedure and limited time to make a new plan or procedure, what is the “right” process for making decisions? Consider the non-exhaustive factors below.
Allocate Responsibilities for Monitoring, Testing, and Decision-Making
Determine the minimum acceptable level of control each party would have in a “dust storm.” Under what circumstances would unilateral action by a party be acceptable, at least on a temporary basis? For example, does the customer have the right to determine that the “dust storm” is sufficiently imminent to warrant implementation of contingency plans?
While the process for declaring an emergency or disaster is well-established in business continuity and disaster recovery principles, one of the newer trends is long-term uncertainty and volatility in highly disruptive events—whether with respect to the impact of tariffs, executive orders, the COVID-19 pandemic, and other factors where industries and organizations may make reasonable but different judgment calls.
A critical precursor to decision-making is ongoing monitoring and reporting of the relevant conditions. While macro-conditions that are not specific to the deal may be monitored by both parties, likely for different reasons, consider a flexible structure for information gathering and information sharing consistent with the core deal principles.
Set Up Lines of Communication
Determine the “always on” level of communication that can be reasonably available for nearly any situation. For example, an outage that is expected to rise to the executive level may warrant an active executive-level channel of communication if needed. Yes, this would not be a reasonable avenue for hundreds of vendor contracts that may need to be dealt with under adverse circumstances.
Identify Relevant Decision-Makers
Determine the core group of individuals who can make decisions when ordinary course processes are not available for any reasons.
Design Clear Contractual Backstops
Contractual backstops, such as termination rights and step-in rights, are increasingly viewed as key deal points, similar to pricing on the commercial side and data protection on the legal side.
In the next installment of this two-part article, we will explore current trends in these contractual backstops in the face of uncertainty.