On October 31, 2014, the International Organization for Standardization (“ISO”) published a new standard ISO 37500:2014 - Guidance on Outsourcing (the “Standard” or “ISO 37500”) to provide general guidance on outsourcing. It is likely that the Standard will impact outsourcing practices in Canada, both because of the comprehensive nature of the Standard and because of Canada’s role in its development. In this note I want to look at ISO 37500 in more detail. The discussion is divided into three parts:
More information about the Standard, including how to obtain copies, can be found on ISO’s website at http://www.iso.org/iso/catalogue_detail.htm?csnumber=56269. I. Background Development of ISO 37500 was triggered by a request from the Netherlands Standardization Institute to ISO in 2010 that ISO consider developing a new international standard for outsourcing with wide application, i.e. applicable to all forms of outsourcing and not focussed just on Information Technology. A technical committee, ISO Technical Committee 259, Outsourcing (ISO/TC 259), was established in 2011 to guide the development of the standard, with participation from the standards bodies of thirteen countries including Canada but not including the United States. The Technical Committee received input from buyers, service providers, outsourcing advisors and academics over the four years of development and at six plenary sessions. Canada participated in the Technical Committee through a Mirror Committee established by the Standards Council of Canada, Canada’s representative to ISO. The Mirror Committee consisted of representatives of governments and customers, practitioners and lawyers under the chairmanship of Dr. Rob Babin of the Ted Rogers School of Management at Ryerson University. Members of the committee reviewed draft documents and made suggestions as part of the review process. In 2013, a draft international outsourcing standard, ISO/DIS 37500, was issued by the Technical Committee for approval by ISO members. When voting closed in January, 2014, the draft standard had been approved, although it took ten more months for the committee to work through the almost 800 comments that were received and for the standard to be published. Canada was one of the countries that voted in favour of the draft standard and ISO 37500 is now referred to on the Standards Council of Canada website (https://www.scc.ca/en/standardsdb/iso/156609). II. ISO 37500 It is important to grasp the scope and depth of ISO 37500. It may be easiest to approach this task by first thinking about something unrelated to outsourcing, say a guide for opening and operating a restaurant, where the restaurant guide applies:
Such a guide would almost certainly begin by discussing the benefits of taking a phased approach to the restaurant project and would probably include a model of the life cycle of a restaurant. And it would likely suggest the early development and continual updating of a comprehensive business plan for the operations of the restaurant. The guide would also describe the issues to be considered and resolved and the processes to be established during each phase to ensure that the restaurant, when established, was able to attract a clientele, serve appetizing and interesting food and make a profit. There would be a great deal of emphasis placed throughout on the critical importance of having good management/governance practices including checkpoints to review progress against the business plan and of developing and maintaining healthy relationships at a personal level. What the guide would not do, since it is intended to be universally applicable, is identify statutes that needed to be complied with in any country, suggest possible locations or hours of operation, identify the types of food to be served, provide recipes for individual dishes or include the Michelin rankings for other restaurants. In a sense, the guide would be all about principles and not about the details of any specific restaurant. In the outsourcing context, this is what ISO 37500 does. It provides a comprehensive guide to organizations about the phases of an outsourcing, the processes that organizations need to implement and the governance that is required to be successful, regardless of the size of the transaction, the industry sector or the activities to be outsourced. As the Introduction to the Standard states:
“[The Standard] aims to provide general guidance for outsourcing for any organization in any sector. It provides a vocabulary for outsourcing practitioners across all industry sectors. It includes typical outsourcing concepts to improve the understanding of all stakeholders, by providing a set of practices that can be used to manage the outsourcing life cycle.”
Like the hypothetical restaurant guide, ISO 37500 is based on a four phase outsourcing life cycle built off effective governance practices:
The Standard describes each of the phases in detail, setting out the processes to be established or activities to be completed during the phase and for each process or activity, key success factors, inputs and outputs. There is an emphasis throughout the phases on identifying the risks involved in outsourcing, preserving the flexibility of outsourcing arrangements and accommodating changing business requirements. ISO 37500 represents an international standard, the first one, for outsourcing for organizations. What it is not is a do-it-yourself handbook for practitioners: the Standard deals with the principles, not the details, of an outsourcing transaction. For example, ISO 37500 emphasizes the importance of complying with applicable laws during each phase of the outsourcing life cycle, but it does not identify the specific statutes in any countries that must be complied with. Similarly, it includes checklists of issues to illustrate the topics the client and provider should consider in dealing with specific processes or steps, e.g. Annex B (Checklist of potential outsourcing risks per phase) and Annex F (Phase 2 Examples of agreement topics), but does not include template documents. The established outsourcing standards that provide detailed transactional guidance will not be superseded by ISO 37500 although they will have to adapt to it. As a comprehensive guide to outsourcing that includes a vocabulary to encourage consistent discussion, it is likely that ISO 37500 will be adopted widely and bring a degree of standardization to the global outsourcing market. This is especially true in Europe, because of the heavy involvement of European standards’ organizations in its development. Although it remains to be seen how the Standard will be applied in Canada, Dr. Babin expects that it will play an important role here:
“I am convinced that ISO 37500 will play a significant role in Canadian outsourcing: the level of support we received from Canadian regulators, organizations and industry participants during the development of the ISO standard suggests that it will be well received and utilized in Canada. The standard responds to Canadian businesses’ need for a consistent terminology to talk about outsourcing and common principles to apply, especially in international transactions, and it is likely to become the lingua franca of the Canadian and indeed the global IT and business outsourcing market.”
Although the American National Standards Institute (ANSI) did not participate in the work of ISO Technical Committee 259 that developed ISO 37500, there have been suggestions that the Standard will influence outsourcing in the United States as U.S. companies doing business in Europe and Canada will be forced to adopt the standard for international transactions of which they are a part or otherwise indicate that their outsourcing practices are compliant with the Standard. III. Implications of ISO 37500 It will be important for lawyers to learn about the Standard. In identifying the issues that clients need to think about at various stages of an outsourcing transaction, the Standard is also challenging lawyers to deal with the same issues in drafting Requests for Proposals, developing governance processes and negotiating outsourcing agreements. When ISO discusses an issue distinctly and at length, it will not be open to lawyers to ignore the issue or assume it covered as part of some other aspect of the transaction. This is illustrated by the importance the Standard attaches to the relationship aspects of outsourcing transaction. Section 5.5.2 of the Standard states:
“The purpose of the ‘develop and maintain joint objectives’ practice is to establish a joint mission statement, an outsourcing roadmap with key milestones and success criteria, along with social and relationship events. In addition to focussing on performance scorecards, metrics, etc., the client and provider should also focus on softer elements, relationship building, partner assimilation and dialogues. A strong relationship is crucial to creating successful outsourcing arrangements … .”
This general observation is supplemented by specific practices that can be included in an outsourcing transaction to foster the appropriate relationships such as:
As the clients are educated to take all of these items into account in their transactions, so to must we as lawyers in the advice we provide and the documents we prepare.
Disclaimer: This Newsletter is intended to provide readers with general information on legal developments in the areas of e-commerce, information technology and intellectual property. It is not intended to be a complete statement of the law, nor is it intended to provide legal advice. No person should act or rely upon the information contained in this newsletter without seeking legal advice.
E-TIPS is a registered trade-mark of Deeth Williams Wall LLP.