10 Dangers in Data Centre Contracts

November 1, 2005

Businesses now rely hugely on the data that they generate and store. Huge data centres have now been established to store and process this data but supplier’s standard contracts that they are based upon often contain hidden dangers.


Some customers and suppliers focus on the practicalities relating to how a data centre is set up. For example, dealing with complexities of exactly what systems are used, their reliability and robustness, power and heat implications and system utilisation rates.


Once decisions on these practicalities have been made, some customers may be tempted to sign the supplier’s standard contract without reviewing them fully and decide to deal with any ongoing changes on an “ad hoc” basis. But it is vital to review and examine data centre contracts carefully to ensure that they cover all of the customer’s commercial, legal and regulatory requirements and contain enough flexibility to cater for future customer changes.


If this is not done then this could lead to unwanted consequences including the deterioration in the customer/supplier relationship and future disputes.


Specifications


Although not an exhaustive list of all issues to be covered, key issues to be addressed in a supplier’s standard contract include:


1. The Tender: A customer often assesses several potential suppliers, basing its final decision upon supplier responses. However, the responses of the successful supplier may not be captured in the standard contract and will not apply if they are excluded by an “entire agreement” clause in the contract. This kind of clause provides that only the issues addressed in the contract will form the entire agreement between the parties to the exclusion of previous dealings between the parties.


Cases such as SERE Holdings v Volkswagen Group UK Ltd [2004] EWHC 1151 (Ch) deal with entire agreement clauses and provide that if these entire agreement clauses are drafted correctly then oral or written agreements that did not find their way into the contract will not apply.


2. Agreement Structure: Key terms (eg price, invoice procedure etc) are often specified in purchase orders that parties leave until the time that goods or services are required. However, it is better to agree as much as possible in the standard contract so that each party is fully aware of all of the terms and conditions relating to the transaction at the start of the deal rather than further terms and conditions being presented in purchase orders during the course of the deal.


3. Co-Location Space: Standard contracts might have an automatic right for the supplier to re-capture unused co-location space (ie space where the servers that support the customer are sited) without providing any refund to the customer.


Customers may want to retain this space, even if unused, so that they reserve the option to expand into this co-location space in the future. Even if a customer decides that it is acceptable for the supplier to recapture the customer’s unused space, customer’s may want a specific notice period in which the customer can decide if this is acceptable or not and be able to refuse this request. Even if giving up space is acceptable to a customer, there should be a refund to the customer if this space is re-captured by the supplier so that the customer is not paying for space which it no longer has the right to use.


4. Changes: An automatic right for the supplier to change the location of the data centre or the configuration of the co-location space can appear in the standard contract. However, these changes should be subject to customer consent, particularly because it may well be that the location of the data centre had a significant bearing on which supplier was chosen by the customer.


There should also be some “flex” in the standard contract, for example, to enable customers to change its requirements to reflect business needs (eg. an option for the customer to increase or reduce space).


5. Prices: Pricing options are sometimes given but exact prices and billing intervals should be given in the standard contract based upon a customer’s particular requirements so that there is no doubt about this. A customer may also want prices to be capped (eg to fixed annual percentage increases).


A pricing schedule should be prepared including specific details about what payments are due, when they are payable and what they relate to.


The recent case of Vogon International Ltd v The Serious Fraud Office [2004] EWCA Civ 104 illustrates that solely relying on the words of the contract when setting prices can lead to payment disputes. In Vogon, there was an IT dispute between the parties relating to the meaning of what “database” and “backup” included and their interpretation effected the price payable, the difference in interpretation being in the region of £290,000. In this case the supplier lost its revenue due to the interpretation given to these words by the Court. If the supplier had provided a detailed payment schedule and payment examples then this problem could have been avoided.


6. SLA: There should be a service level agreement identifying the services, key targets and standards and service credits if those targets and standards are not met.


The supplier may often limit its entire liability to fixed amounts. However, this entire liability must not be limited to service credits alone because service credits are likely to be of relatively low value and will not provide an adequate remedy for major supplier breaches. Service level agreements are not covered in detail here.


7. Excused Outage: The standard contract may say that no compensation will be payable for maintenance, overuse of the data centre or customer actions or omissions but each of these items should be specified in detail. Although a supplier should not be responsible for certain events, the supplier should not be able to rely on a widely drafted “excused outage” clause for events for which it should be responsible.


An “excused outage” clause could be replaced by a more typical “force majeure” clause (ie a party not being responsible for things which are outside its reasonable control) with specific examples of the type of force majeure events covered.


Here, a customer may wish to say that it is not liable to pay for services that it does not receive whilst the force majeure event continues. The parties may also wish to have the right to terminate the agreement if the force majeure event continues for a certain period of time.


8. Termination or Expiry: Termination events should be wider than termination for breach or insolvency. For example, each party may want “break” clauses so that they can terminate without penalty after certain periods. The customer may also want other options to terminate (in whole or in part), for example if it undergoes corporate restructuring or loses major customers.


Upon termination there should be an “exit plan” where the supplier assists the customer with a smooth migration of services either back in-house or to a third party supplier.


The standard contract should also contain renewal provisions. These might give the option to the customer to renew on the same or similar terms and conditions to the existing contract with prices adjusted according to a pre-agreed formula. This approach provides a mechanism for both parties to follow rather than simply waiting for the end of the contract before deciding what to do.


9. TUPE: Under the TUPE Regulations, customer’s employees that were wholly or mainly engaged in providing data centre services prior to the customer outsourcing its requirements may transfer to the supplier. This issue relating to customer employees should be addressed in the standard contract otherwise the transfer of staff could have unwanted consequences for both parties.


Note that the new TUPE regulations that were due to come into force in October 2005 are now scheduled to come into force in April 2006, the delay being due to the large response to the consultation process on these new regulations.


10. Other Issues: These include, amongst other things:


– Disaster recovery. This is becoming even more important due to the extent to which parties now rely on their data centres. Disaster recovery plans should be sufficiently detailed, incorporated into the contract and updated regularly.


– Regulatory limitations. For example, regulated financial services provider organisations will need to comply with FSA guidance where relevant. Confidentiality and security of data is becoming increasingly important and the customer may want to provide that it has access to the data centre premises for auditing purposes and that the supplier follows the reasonable instructions of the customer in respect of such data.


– Customer responsibilities – In order for suppliers to provide the right services at the right standards, suppliers will need the customer to co-operate and provide information etc. The customer’s responsibilities should be set out clearly in the contract in order for the customer/supplier relationship to work well during the project.


– Intellectual property and data protection issues. These issues need to be addressed adequately so that customers have ownership and control of all of the data provided by the customer to the supplier. Who owns different equipment in relation to the customer’s data processing requirements will also need to be addressed in the contract.


– Supplier warranties and indemnities. These are essential to ensure that the supplier provides the assurances that the customer requires in relation to the data centre and its operation.


Summary


By specifying requirements correctly in the standard contract both customers and suppliers can benefit hugely from data centre contracts. However, if key issues remain unaddressed then this does not bode well for the future customer/supplier relationship.


Jimmy Desai is a Partner at Tarlo Lyons: Jimmy.Desai@tarlolyons.com