Emerging technology services have revolutionised the sourcing industry. These disruptive technologies like autonomics, interface technologies, big data analytics and other computing technologies have permitted smaller companies to successfully challenge established incumbent businesses. Specifically, as incumbents focus on improving their products and services for their most demanding (and usually most profitable) customers, they may exceed the needs of some segments and ignore the needs of others.
Disruptive new entrant providers begin by successfully targeting those overlooked segments, gaining a foothold by delivering more suitable functionality, and frequently at a lower price. Meanwhile the incumbent providers, chasing higher profitability in more demanding segments, may not respond as vigorously. Entrants then move upmarket, delivering the performance that incumbents’ mainstream customers require, while preserving the advantages that drove their early success.
From a customer perspective, adopting emerging technologies can give rise to a number of challenges, especially around the completeness of the solution and the contracting risk profile. New emerging technologies, at this point, are relatively inflexible. Products are sold on an "as is" basis with as few guarantees as possible, thereby arguably delivering limited value compared to more traditional solutions but with an increase in risk to the customer. Cybersecurity is the risk we read about every day.
Whereas a customer might previously have outsourced all of its IT infrastructure to a single provider, for (let's say) a term of up to 10 years, now customers are utilising public cloud arrangements with the likes of Amazon Web Services and Microsoft and are combining this with a private cloud for their very sensitive data - the theory being that customers are using the public cloud for their public website and the private cloud for sensitive data like credit cards.
They are engaging (and asking other providers to engage with) a cloud integrator who integrates the public cloud, the private cloud and managed services. At the same time they are investing in interfaces with companies for social mobile, internet of things and other digital age platforms, which is necessitating the addition of security as a service and generating great data which is being analysed in a data warehouse.
Is the traditional approach to sourcing fit for emerging technology services?
There has been an historical dependence on prescriptive RFP models, and the assumption is made that customisation is available. This model does not apply with digital age service providers. Comparisons are not possible and customers have an expectation that they will receive more traditional (risk-averse) contract terms versus new flexible contracting terms.
Customers are having to accept more risks than they have before. Under the more traditional model, customers argued to shift risk on to the supplier because the supplier was the "expert" and the customer was in a position to enter into a very bespoke arrangement - but this is not the case with emerging technology services. Instead customers are buying more standardised services and having to take more risk which should be understood and mitigated.
Historically there has been an expectation that services will be sourced through established channels, for example, through a combination of the legal, finance and procurement functions. Instead we are frequently seeing rogue contracting where individuals or business units enter contractual relationships with providers independently of these established practices because of the simplicity and ease with which you can purchase these services through the internet.
As a result, it's more challenging than ever before to do a truly accurate comparison, which used to be the objective of a sourcing RFP process, because many of the digital age providers offer solutions which have diverse capabilities.
Changing assumptions on contract terms
Similarly, yesterday's contract templates are unlikely to meet customers' needs when contracting for emerging technology services or even integrated services where there is a traditional service with a digital age component.
The traditional assumption is that services will be performed by people and much of the contract is based on that assumption. However, it is more likely now that services will be performed by computer with robotic process automation and cognitive computing. Neither assumption is completely accurate. Traditional services have long been performed with a healthy dose of computing and digital labour has to be monitored and fixed by people. It isn't the combination that's at issue, but the mix has shifted greatly.
Pricing was previously based primarily on inputs or based on specific tasks being performed. With emerging technologies, pricing is more likely to be based on access to fixed infrastructure. Much of the value has now shifted to the data being generated by the service - not necessarily having an internet of things device but having access to and the rights to use that data.
The traditional assumption is that customers wanted long-term contracts. However, the emerging technologies are causing solutions to change. Providers may not be sure they will be able - or want - to provide the same services for lengthy periods, and customers want the flexibility to contract the newer, better, cheaper solution when it becomes available.
A "risk-based" approach
To protect customers, contracting must become even more "risk-based". It may not always be possible or appropriate for customers to contract on their standard terms (that may be comprehensive and cover the risks associated with a traditional sourcing relationship). Therefore, customers should perform a gap analysis of their standard terms versus what the provider is offering.
Customers should create standard contracting policies, for example, a cloud policy risk assessment tool which would identify preferred provisions to suit an organisation's risk appetite. Such a policy would also identify "fall back" positions and a "walk away" position. This road map to negotiations keeps organisations within the boundaries of their particular policies as assessed against their appetite for risk – and provides a streamlined, cost-effective approach to negotiations with providers. If customers insist on negotiating and using their own contract terms, we recommend using short, plain English templates that offer the flexibility required to suit the new dynamic sourcing relationship.
Are there specific legal risks?
It is critical for customers to prevent inadvertent disclosure of confidential information or trade secrets by permitting use of customer data in "big data" analysis. Big data is helpful and also valuable – providing you own it. Customers should consider what party will monitor and have the right to manipulate it. This should be expressly addressed in the contract terms, in favour of the customer. Cyber and privacy law are big areas of compliance that should be expressly addressed in the contract terms. Compliance is key, as breaches can be costly to the organisation, both financially and on a reputational level. Delineation of obligations must be addressed and adequate measures prescribed, adopted and enforced.
What happens once the contract is signed?
Things can go wrong quickly if a traditional approach is taken to contracting for emerging technology services.
For instance, each new emerging technology services provider will require to be integrated into the overall platform. Such integrations require custom work because service levels and the support models from the services offered by the providers all vary. The services introduce new integration points and new potential points of failure of both service and security and there is also an increased risk of value which increases the need for increased mitigation strategies.
Other areas of traditional outsourcing arrangements that need to be considered are change and incident management. Consider the complexity which is likely if a customer changes one solution and the consequential impact it may have on others. Similarly with incident management when an incident or fault occurs, it might take more time to fix given that there are more parties to contact to find out the source of the problem before steps can be taken to resolve it.
Governance can be time-consuming and costly. The low-cost model of most emerging technology services providers assumes that face to face meetings with customers are not accounted for, which is unlike traditional contracts where specific functions are set up for regular reporting relationships. It may be difficult to marry the emerging technology services providers' routes to resolution with those of their more traditional counterparts. Often with emerging technology services there can be unexpected or hidden costs if clients don’t follow the right sourcing process, and governance is one of these areas of cost.
Practical steps to mitigate operational and legal risks – the sourcing team
Customers should consider building a cross-functional emerging technologies sourcing team to understand new technologies, the integration required and how best these technologies can support the business. Legal support is key to avoid some of the risks, and organisations should engage an information security team on what can and cannot be bought.
More generally, the sourcing team should include a legal compliance function. Legal compliance for most industries has not been built into products yet. Having compliance representatives there to understand the risks is important. For example, standard contracting terms for emerging technology services are unlikely to address e-discovery or litigation holds. These compliance functions will still be required – but will inevitably be an additional cost over and above the standard service offering. The sourcing team should include a finance function. Customers may go to emerging technology products for cost savings that never materialise, and the risk is that a team of IT enthusiasts will bring the solution in without doing adequate analysis of hidden costs.
Building a specific team requires material investment, but it is an investment which will pay dividends long term. If this is not possible, consider the following:
- Consider moving away from prescriptive RFPs and instead use flexible requirements documents, which capture the customer's own understanding of what its requirements are and what a provider can provide. This should be followed by a gap analysis. Identifying the service gaps aids comparison and facilitates a more holistic understanding of the platform, and whether such gaps can be filled with other solutions or whether the customer should consider building its own solution to cover a gap.
- Customers should map the integration points between their organisation and each of their providers. They may also need to map data flows, e.g. if a service is procured from a mobile app provider, how will it connect into a relevant database.
- Determine the financial business case for the solutions – and ensure any proposal is fully costed.
If these steps are taken, a customer should be able to make an informed assessment of the business risk associated with the implementation of emerging technologies.
There is no doubt that emerging technology services are already impacting the contracting landscape, and there is no question that yesterday's approach to sourcing is no longer fit for purpose and will not meet today's needs in terms of contracting with these providers. Spend time working on it, updating your policies and creating this new sourcing approach.
About the Author
Megan Paul is a senior associate in the Corporate team at international law firm Mayer Brown. Megan, part of the Business Technology Sourcing Practice, has significant experience with outsourcing transactions, acting on behalf of suppliers and customers across multi-jurisdictions and in a variety of industry sectors.