Protect yourself when outsourcing

How can you reduce risks when choosing a supplier? And what employment law changes are due, besides the Queen’s bank holiday?

DJ writes: My company outsources much of its administration, and one of our providers has recently gone bust. We are therefore having great difficulty getting access to our records, and some of them have had to be re-created. We are now looking for a new provider. Have you any advice on how we could cut the risk of such a problem occurring again?

To reduce your risks when engaging an outsourced service provider, you should have suitable safeguards in the contract or service level agreement and make sure they are understood in the same way by both parties, writes Jon Sutcliffe, partner at Kingston Smith LLP.

You are probably struggling to keep day-to-day operations going after the failure of your provider. This highlights the need to not only get the contract with the new provider right, but also to continue to monitor the critical components of the deal.

Prepare a clear plan of how the work might be brought in-house if you have another problem. Make sure your agreement states that you will receive regular back-ups of your data — and check that these data can be used.

You also risk falling foul of the Data Protection Act if your material includes personal information. It is you, and not the provider, who will be held responsible for what is done with personal data.

The law requires that there must be a written contract setting out what the provider can do with personal data. Therefore, the contract must require the provider to take the same security measures you would have to take to handle the data.

You must take reasonable steps to check that these security measures are being put into practice, and that you are happy with the contingency arrangements of the provider.