What’s in your Service Desk Outsourcing Master Services Agreement?
It’s safe to say that selecting a service desk outsourcing vendor on an enterprise scale will never be an impulse buy. Even with the initial dialogue, both parties must gauge the degree of symbiosis. Is the vendor focusing on your goals and requirements and providing consultative value or merely hitting you with a slick pitch and solution A, B, or C? Assuming it’s the former and some level of confidence is established, you may need to execute a Non-Disclosure Agreement (NDA) and from there the deeper elements of the conversation are just getting started. Afterward, the client may issue a formal RFP, vetting out each potential vendor’s experience and capabilities before receiving a slew of proposals for review. Then there are presentations, demonstrations, and follow up conversations, site visits, proposal revisions, then more follow up conversations. Are we done yet? Probably not.
Only then does the conversation turn to the more granular aspects of data security and risk assessments which are often delineated ad infinitum in the Master Services Agreement…among other things. So considering the time and effort both parties invest in the evaluation process, imagine if it’s all for naught because the finer points (and print) in the final Master Services Agreement (MSA) didn’t get addressed until the eleventh hour or, more accurately, the eleventh month. Rather than discover the deal breakers after the additional time and expense involved in legal review phase, it’s best to get a sneak peek at what may be in store as soon as possible. In the rare case you find a vendor unwilling to get you an advance copy of their executable documents, here are some of the essential sections:
Contract length is only one point. A three to five-year term assures the recovery of initial startup costs. Rebooting that one-time fee with a new vendor from one year to the next only makes financial sense if the previous one had delivered substandard service. Since the average RFP development, response, and evaluation period, at least on an enterprise scale, can take up to two years, a one to two-year contract makes transition timing a challenge. Understandably, many clients like an MSP to earn their trust year to year, but if they offer better pricing for longer-term agreements along with legal and/or financial consequences for not meeting SLAs (i.e. the required level of service is guaranteed), there is little downside in the length of commitment. Anticipated CIO turnover and a swing back to an in-house solution or major downsizing would be the only remaining deterrents to a multi-year agreement.
Other direct advantages are often improved resolution rates that tend to gain momentum as agents develop more familiarity and proficiency with the client’s unique environment, processes, and culture (i.e. communication style and business impacts of service interruptions) over time. Stronger relationships, team synergy, and more context of a client’s IT strategy and its evolution make the service desk a more effective strategic partner able to contribute to the new technology evaluation cycle.
Not to Hire
A sensitive area that most help desk outsourcing vendors insist on is the “not to hire” clause. In the course of meeting their other contractual commitments they make a considerable ongoing investment of resources to recruit, train, retain, and manage the people who deliver on the contracted service levels each month. As a result, the client will develop a bond with their favorite agent especially if they are placed on site, but they have to resist the temptation to hire them. To approach an agent with a direct position because he or she is contributing to the team’s high standard of support is essentially penalizing the provider for that successful investment while still holding them accountable for the less than stellar performers. There’s a reason it’s called a Managed Services Provider and not a Managed People Provider. Although the service is delivered by IT professionals, it is contractually the same as a utility, charged based on usage, not the individual. All of the staffing burdens and headaches are absorbed by the MSP in keeping with the true nature of outsourcing. Even if a client is paying a monthly fee per each dedicated support agent, the managed service does not disappear should the position itself experience turnover. Since a mutual appreciation between each organization’s employees can and should develop, the “not to hire” clause is often mutually applied.
Depending on the client’s industry, each has its own data security requirements and how support interactions and confidential information is handled. In the healthcare industry, HIPAA compliance and communication with Health Information Management teams are crucial. With financial institutions the data security compliance and regulation challenges alone are daunting. Is the service desk expected to handle critical data for banking or financial services firms to the extent that the Fair and Accurate Credit Transactions and Gramm-Leach-Bliley Acts are applicable? What can they commit to with regard to third-party audits, vulnerability assessment, penetration tests and at what frequency? Is client data segregated and housed in an SSAE 16 certified facility? How are backups conducted? What are the data encryption and access protocols? For most service desks, confidentiality, liability, and insurance cover instances of viruses and breaches across all industries, but what proactive safeguards are enacted, monitored, and certified? To what extent are they compliant with the client’s specific industry? With regard to disclosure between both organizations of electronic data, risks assessment review must cover all of the bases.
Often the service desk vendor will bring its own proprietary tools to the relationship such as an internally developed ticketing system, remote access software, or procedural documentation. But all work and work products, such as ticketing information which is generated as part of the service desk activity, remain the property of the customer. Even upon termination of services, the customer will own its account specific procedural and ticket history data, typically exported in XML, CSV, or other Excel format before it is purged from the system. Like with any good relationship, keeping track of who owns what from the beginning and having the means to keep those assets separate.
Payment for services rendered makes up the lion’s share of the client’s legal obligation. For organizations with limited budgets or cash flow, it’s important to negotiate for favorable payment terms (i.e. how many days from invoice receipt to remit). How are late receipts handled? Is the service immediately shut down the first day they’re late or is the vendor more forgiving with regard to internal red tape and AP authorization procedures?
Of course, there are other contractual standards such as liability and damages, insurance coverage, force majeure, etc. A lot of this language is familiar territory in both the client and service provider’s MSA as much is shared among the legal community and rarely raises any red flags. It’s what’s unique in the terms and conditions of a potential relationship that must be addressed on paper as soon as possible. Both parties stand to gain when too much time isn’t lost.