Choose Site
TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

Please join us for a discussion of how the coronavirus (COVID-19) pandemic will affect existing and future outsourcing contracts and relationships. Partners Barbara Melby, Michael Pillion, and Mike Pierides will discuss the following topics:

  • Excused events and associated provisions
  • Business continuity: then, now, and going forward
  • Remote working blessings and challenges
  • Scalability and change
  • Step in, termination, and renegotiation

We hope you’ll join us on Tuesday, April 28, at 12:00–1:00 pm ET, 9:00-10:00 am PT, and 5:00-6:00 pm BST.

Register for the webinar now >>

Often included in long-term outsourcing/managed services agreements but sometimes overlooked as a contractual right, in this post we look at benchmarking provisions, including what benchmarking is, common rights and restrictions, and other considerations for customers and suppliers.

What Is Benchmarking?

Benchmarking provisions grant the customer a right to appoint a third-party organization (the benchmarker) to undertake a review of the price and/or the level of service that is being offered by the supplier under a contract as compared to the price and/or level of service offered by comparable suppliers for comparable services.

When responding to requests for proposals (RFPs), vendors should be conscious that they might be disclosing highly confidential or commercially sensitive material to the potential customer, with no guarantee of securing the proposed contract. Such information could, without any restrictions, be used by the potential customer to assist the vendor’s competitors or to develop solutions in-house.

In light of this, prudent vendors should carefully consider what legal protections they include in their RFP responses alongside operational and commercial details. We have set out some key considerations below.

Morgan Lewis’s COVID-19 Task Force and Coronavirus COVID-19 resource page have been established to address the variety of legal issues impacting companies at this time.

On our resource page, you’ll find the latest analysis and updates addressing today’s crisis and tomorrow’s legal challenges.

The resource page contains sections for:

  • Webinars
  • Specific COVID-19 topics
  • Geographic regions
  • Different industries

Outsourcing and Managed Services Agreements LawFlash

Morgan Lewis’s Technology, Outsourcing, and Commercial Transactions Group has published a LawFlash which provides a high-level look at the effect of the disruption caused by COVID-19 on key outsourcing and managed service agreements.

There are two primary models by which vendors will make software available to customers (1) software as a service (SaaS); and (2) on premise. In a SaaS model, the vendor provides, maintains, and hosts (either itself or through a hosting SaaS vendor) the desired software, and grants the customer access to the software functionality via the internet. In an on-premise model, however, the vendor will deliver the software (either physically or through a file transfer system) for the customer to install on its servers behind the customer’s firewall.

Please join us for an in-depth discussion on how to successfully renegotiate your existing services contracts with technology, outsourcing, and commercial transactions partner Vito Petretti. Topics will include:

  • A general look at the renegotiation process
  • Business issues and drivers involved in renegotiation
  • How to conduct a renegotiation
  • Contract terms that may impact renegotiation

We hope you’ll join us on Wednesday, April 8, 2020, from 12:00–1:00 pm ET.

Register Now

One of the major changes introduced by the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which was signed into New York law last year, is scheduled to take effect this week.

The SHIELD Act modernized New York’s laws by (1) expanding the data elements that may trigger data breach notification to include certain biometric information, user names or email addresses, and account, credit card, or debit card numbers, if circumstances would permit account access without a security code or other information; (2) broadening the definition of a breach to include unauthorized “access” (in addition to unauthorized “acquisition”); and (3) creating a new reasonable security requirement for companies to “develop, implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of” the private information of New York residents. The first two changes took effect on October 23, 2019, while the third will take effect on March 21, 2020.

The Financial Stability Board (FSB) published on December 9, 2019, its report on financial institutions’ increasing reliance on third parties to provide cloud computing services (the Report). Established by the G-20 in April 2009 to promote international financial stability, the FSB is an international body that assesses vulnerabilities in the global financial system and coordinates the work of national financial authorities and international standard-setting organizations to develop and promote appropriate regulatory and supervisory policies.

The Report outlines the benefits from the increasing use of third-party cloud computing services, focusing primarily on cost savings, improved competition and cybersecurity, and increased operational resilience. It notes, though, the new challenges that the current scale of use may pose, such as the significant and systemic effects that an operational failure of critical third-party infrastructure could have. This is due to the highly concentrated cloud computing sector and the increasingly complex network of third-party suppliers and dependencies.

Morgan Lewis recently published an article on the 2019 Novel Coronavirus (COVID-19) outbreak and its effect on General Data Protection Regulation (GDPR) in the European Union. This article discusses the nature of the temporary suspension of some data-protection rights in times of crisis, and how the need to address the ongoing health crisis is being balanced with data-protection rights in Italy, France, and Germany.

Read the full article.

In cloud services, whether it is infrastructure as a service (IaaS), platform as a service (PaaS), or software as a service (SaaS), service availability is often a significant customer concern because the customer is relying on the vendor to provide and manage the infrastructure and related components that are necessary to provide the services. To address this concern, vendors will often provide a Service Level Agreement (SLA) containing a commitment that the service will be available for a percentage of time (e.g., 99.9%) during a certain period (e.g., week, month, or quarter). This is often referred to as an uptime or availability commitment. When reviewing and negotiating an SLA with an uptime commitment, it is important to consider the following issues.

Uptime Percentage

Given the different types of cloud services and how those services are used, there is no standard uptime commitment provided by vendors. Rather, uptime commitments can range from 99.999% to 97% or even lower. It is also not uncommon for vendors to provide different uptime commitments for different parts of the service. Ultimately, a vendor’s uptime commitment will depend on a variety of factors, including the type of service, how a customer will use the service, negotiating leverage, and vendor’s business model.