As many of us know all too well, the coronavirus pandemic has forced companies and their personnel to shift their operations to a remote, work-from-home (or WFH) environment. This change has had a profound effect on outsourcing providers and their customers. Perhaps the starkest example is the Indian government’s 21-day lockdown of its entire population, creating massive logistical complexities for delivery centers across the country. While the focus of attention in the outsourcing industry for WFH has been the necessary changes to both physical and logical layers of security to protect customer data, this sea change in service delivery also introduces other concerns and considerations for both customers and their providers – issues which, in many cases, demand decisions under immense pressure. The following highlights some of the key issues to consider in the immediate term, as both customers and providers try to balance the need for continuity of services against the limitations and other realities of working from home:
- Collaboration is Key. Both service providers and customers should first and foremost work collaboratively and quickly to arrive at actionable decisions. Parties should fully understand and not lose sight of their contractual rights, obligations and remedies, while accepting that they will need to at least temporarily deviate from contract norms. For example, many service providers and customers may be inclined to look towards their force majeure clauses, but there may be circumstances where mutually agreeable alternative arrangements could be more beneficial to both parties. Also, both parties need to understand whether certain services will or could get preferential treatment, including “essential” services that may be exempt from government distancing restrictions. For example, the Indian government has exempted certain IT and IT-enabled services (that support essential services) from the lockdown – but the practical implications of this are still unfolding. In short, while it is critical to understand contractual rights and remedies, in most cases, the WFH operations will mean that not all services can be performed and not all service levels can be met. In this regard, customers should focus on identifying their business and operational priorities, and then work with providers to address them, rather than trying to hold firmly to all of the contractual requirements. Similarly, service providers should strive to address the customer’s most pressing needs and be frank about what is achievable.
- Documentation is Critical. If a service provider is seeking a change, waiver or relaxation of contractual requirements (whether it be related to security, performance or otherwise), or if a customer is seeking to re-prioritize services or expand the service provider’s liability due to increased security risk, it is important that: (a) first, these changes be discussed and understood by both parties, and (b) any contractual deviations, and the extent of such deviations, are documented clearly in writing in a manner that is contractually binding on both parties. For example, in the security context parties should be realistic about what limits exist in a WFH set-up and then clearly document these revised requirements. Ideally, any documentation will follow the formal contract process and be unambiguous vis-à-vis the pre-existing contract terms. But see Point #5 below!
- Internal Constituents Should All Participate. Customers should encourage all relevant groups within their organization, including representation from information security, legal, compliance, audit and business operations, to play an active role, in determining and documenting WFH arrangements with service providers. Similarly, service provider organizations will be required to have an enhanced level of internal coordination within their organizations.
- Address the Externalities. Customers and service providers should try to best understand and then mitigate any impacts that WFH might have outside of the actual contract and outsourced services. For example, customers and service providers should determine if WFH jeopardizes any liability insurance coverage on which its organization may have been relying; or whether and how WFH will impact corporate controls that are subject to audit and reporting, such as for compliance with the Sarbanes-Oxley Act in the United States. Last, it is important to understand the downstream (or upstream) impacts on any agreements with third parties and what permissions, notifications or other actions may be required as a result of the WFH arrangement.
- No Undue Delay. Parties must balance reasoned consideration with the need for action. Customers should recognize that service provider resources are likely to be limited – including bandwidth, laptops and other physical resources, as well as personnel, such as account management, legal and contract administration resources and, of course, service delivery personnel. On the other hand, service providers should recognize that customers will have legitimate concerns and questions with WFH arrangements, and will need prompt and ongoing engagement with their service providers to understand and assess the implications. With these considerations in mind, both parties should strive to work together expeditiously to minimize any delays in making decisions, including by negotiating reasonably with each other. While not optimal, the current circumstances may require, for example, that more precise contract documentation follow the implementation, or that financial considerations or service level relief be addressed at a later time.
In these unprecedented times, it is critical that customers and service providers work collaboratively, expeditiously and with a proper sense of priorities. As circumstances evolve, both parties must continually monitor the situation, stay in close communication, and plan for additional changes, including – as soon as viable – a return to more normal operations.