8 Tips to Deal With Liability When Outsourcing to Multiple IT Vendors

There's little question that multi-sourcing -- parceling out the IT services portfolio among a number of vendors -- is the new normal for IT outsourcing. But what happens when things go wrong and there's no proverbial single throat to choke?

"Multi-vendor outsourcing arrangements are more complicated because services can very rarely be performed in isolation from other services," says Lois Coatney, partner with outsourcing consultancy Information Services Group (ISG). "Because of this risk, providers will use commercial language to 'carve out' where they will not be held accountable."

"There are no market norms for these liability issues," says Shawn Helms, partner in the outsourcing and technology transactions practice of K&L Gates. "These are service providers that are fierce competitors and getting everyone to agree to the same exact terms is a herculean task that takes significant time and effort."

Even in the best circumstances, it can be a challenge to get companies who battle for business outside your four walls to work together within them. When there's a service delivery problem, things can get even trickier. You've got one vendor running network operations, another maintaining servers and mid-range equipment, and a third maintaining applications. When your business users can't access the tools they need to do their jobs, who's to blame?

"In theory, a multi-provider service delivery environment should not create additional complexities in terms of liability. The contracts -- entered into separately between the customer and each supplier -- should, if well constructed, clearly delineate the liabilities between the parties," says Mario Dottori, leader of the global sourcing practice in Pillsbury's Washington, D.C. office.

"In practice, however -- from an operational perspective -- the lines of responsibility and, hence, liability are often blurred." In addition, "investing in a more nuanced allocation of liabilities helps to align incentives and avoid conflict," says Brad Peterson, partner with Mayer Brown.

However, customers should take care not to nail their team of providers to the wall with onerous liability requirements. "If the customer insists on unreasonable liability terms, there is a strong likelihood that nothing ever gets done," Helms warns.

It's important that outsourcing customers think through the myriad multi-vendor issues that could arise -- from legal actions between contractors to service integration issues to limits of liability -- long before they happen. Following are steps clients can take to manage liability in multi-sourced environments.

1. Clearly Define Roles and Responsibilities

"Liability arises from lack of clear lines of responsibility and accountability, particularly when one vendor's performance is dependent on another's," says Paul Roy, partner in the business and technology sourcing practice at Mayer Brown. "The most important risk is non-performance -- or cost or damage to the customer -- without clear lines of responsibility."

Define the lines of demarcation between vendors and make those lines "clean and bright," says Pillsbury's Dottori. Some ambiguity is unavoidable, Roy adds, so require vendor coordination in root cause analysis and problem resolution, ideally with some shared risk.

2. Create Operating Level Agreements (OLAs)

OLAs state how particular parties involved in the process of delivering IT services will interact with each other in order to maintain performance, and can help all parties "see the forest for the trees," says Dottori.

"These arrangements offer the opportunity for enhanced visibility of the service regime as a whole and helps to reduce -- or better arm the parties with solutions for -- missed hand-offs and finger pointing." One caveat: Most providers will not agree to take on additional liability in OLAs. But such an agreement can be an effective preventative measure.

3. Consider an Outsourcing Cooperation Agreement

Outsourcing cooperation agreements contractually obligate service providers to work together at an operational level. They're new, and there are no market standards for them. "We structure these agreements to place liability for service failures on the outsourcing providers as a group," says Helms of K&L Gates.

Such an agreement should address end-to-end service levels, credits provided by the entire group of providers based on default, governance mechanisms that allow service providers to meet and allocate financial responsibility for credits, and limits of liability. "The most important aspect of these multi-provider cooperation agreements is to get a single, consistent contractual framework to govern the eco-system," Helms says.

4. Invest in Service Integration and Management

The real risk for customers in multi-vendor arrangements is loss of control, says Roy. Investing in service integration and management tools, including contract mechanisms and governance processes, is critical.

"Carefully define the role of service integrator, and particularly who bears the risk of a managed third party failing," says Peterson. "This is not a traditional legal role, like subcontractor, and so you need to write your own law into the contract."

If you're taking service integrator responsibility in-house, take care. "Multi-vendor sourced deals have the potential for reducing risk of failure by any individual vendor, but they increase the risk of integration failures," says Roy. "The customer assumes a lot more responsibility for managing risk in multi-vendor deals which means the customer has to more carefully plan the coordination of its individual vendor deals and invest more in the integration and management of those deals."

5. Make Sure Vendors Speak the Same Language

When the CFO can't close the books, she doesn't care if it was because the network was unavailable, a server crashed, or the application wasn't maintained properly. Reduce the likelihood of finger-pointing by creating a common framework for measuring performance. In addition to shared software tools that monitor infrastructure components, require each provider prepare a root cause analysis for each issue, incident, or problem, Dottori advises.

6. Decide if You Want to Play Mediator

There are pros and cons to being in the middle during conflict negotiations. Determine in advance what your role will be. "Being in an inter-vendor discussion can help to get the right operational result and avoid having the vendors decide that you're the problem," says Peterson of Mayer Brown. "However, requiring the vendors will work out liabilities among themselves without involving you saves you time and keeps you out of contentious discussions that might not involve you."

7. Give Providers Seats at Your Table

"In the case of multi-provider environments, customers are well served by integrating their governance regimes into an enterprise program management organization," says Dottori. Give key providers seats at the table and enable them to participate in the overall service governance deliberations that may impact their responsibilities.

8. Create a Culture of Cooperation

Multi-sourced environments are the norm. Service providers will accept new obligations, like end-to-end service levels that require interaction. But the onus is on the customer to make them work. "Clients must be prepared to establish an environment that enables and nurtures collaboration so that service providers can indeed interact effectively so that there is less risk of not meeting their obligations," says ISG's Coatney. "Otherwise, the walls between service providers will go up, and services will suffer."

Stephanie Overby is regular contributor to CIO.com's IT Outsourcing section. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn.

Read more about outsourcing in CIO's Outsourcing Drilldown.