On October 31, 2014, the International Organization for Standardization (“ISO”) published a new standard ISO 37500:2014 – Guidance on Outsourcing (the “Standard” or “ISO 37500”) to provide general guidance on outsourcing. It is likely that the Standard will impact outsourcing practices in Canada, both because of the comprehensive nature of the Standard and because of Canada’s role in its development. In this note I want to look at ISO 37500 in more detail. The discussion is divided into three parts:
(i) Part I provides some background to the publication of the Standard;
(ii) Part II summarizes ISO 37500’s approach to providing guidance on outsourcing transactions; and
(iii) Part III considers implications of the ISO standard for the legal profession.
More information about the Standard, including how to obtain copies, can be found on ISO’s website.
Development of ISO 37500 was triggered by a request from the Netherlands Standardization Institute to ISO in 2010 that ISO consider developing a new international standard for outsourcing with wide application, i.e. applicable to all forms of outsourcing and not focussed just on Information Technology. A technical committee, ISO Technical Committee 259, Outsourcing (ISO/TC 259), was established in 2011 to guide the development of the standard, with participation from the standards bodies of thirteen countries including Canada but not including the United States[i]. The Technical Committee received input from buyers, service providers, outsourcing advisors and academics over the four years of development and at six plenary sessions.
Canada participated in the Technical Committee through a Mirror Committee established by the Standards Council of Canada, Canada’s representative to ISO. The Mirror Committee consisted of representatives of governments and customers, practitioners and lawyers under the chairmanship of Dr. Rob Babin of the Ted Rogers School of Management at Ryerson University. Members of the committee reviewed draft documents and made suggestions as part of the review process.
In 2013, a draft international outsourcing standard, ISO/DIS 37500, was issued by the Technical Committee for approval by ISO members.[ii] When voting closed in January, 2014, the draft standard had been approved, although it took ten more months for the committee to work through the almost 800 comments that were received and for the standard to be published. Canada was one of the countries that voted in favour of the draft standard and ISO 37500 is now referred to on the Standards Council of Canada website.
II. ISO 37500
It is important to grasp the scope and depth of ISO 37500. It may be easiest to approach this task by first thinking about something unrelated to outsourcing, say a guide for opening and operating a restaurant, where the restaurant guide applies:
(i) to all stages of the restaurant’s development and operation;
(ii) regardless of the size and character of the restaurant (whether an exclusive restaurant serving unique and exotic dishes or a food court fast food outlet);
(iii) whatever type of food is served and in all the countries of the world; and
(iv) to the restaurant owner and to his or her suppliers.
Such a guide would almost certainly begin by discussing the benefits of taking a phased approach to the restaurant project and would probably include a model of the life cycle of a restaurant. And it would likely suggest the early development and continual updating of a comprehensive business plan for the operations of the restaurant.
The guide would also describe the issues to be considered and resolved and the processes to be established during each phase to ensure that the restaurant, when established, was able to attract a clientele, serve appetizing and interesting food and make a profit. There would be a great deal of emphasis placed throughout on the critical importance of having good management/governance practices including checkpoints to review progress against the business plan and of developing and maintaining healthy relationships at a personal level.
What the guide would not do, since it is intended to be universally applicable, is identify statutes that needed to be complied with in any country, suggest possible locations or hours of operation, identify the types of food to be served, provide recipes for individual dishes or include the Michelin rankings for other restaurants. In a sense, the guide would be all about principles and not about the details of any specific restaurant.
In the outsourcing context, this is what ISO 37500 does. It provides a comprehensive guide to organizations about the phases of an outsourcing, the processes that organizations need to implement and the governance that is required to be successful, regardless of the size of the transaction, the industry sector or the activities to be outsourced. As the Introduction to the Standard states:
“[The Standard] aims to provide general guidance for outsourcing for any organization in any sector. It provides a vocabulary for outsourcing practitioners across all industry sectors. It includes typical outsourcing concepts to improve the understanding of all stakeholders, by providing a set of practices that can be used to manage the outsourcing life cycle.”
Like the hypothetical restaurant guide, ISO 37500 is based on a four phase outsourcing life cycle built off effective governance practices:
(i) Outsourcing strategy analysis;
(ii) Initiation and selection;
(iii) Transition; and
(iv) Deliver Value
The Standard describes each of the phases in detail, setting out the processes to be established or activities to be completed during the phase and for each process or activity, key success factors, inputs and outputs. There is an emphasis throughout the phases on identifying the risks involved in outsourcing, preserving the flexibility of outsourcing arrangements and accommodating changing business requirements.
ISO 37500 represents an international standard, the first one, for outsourcing for organizations. What it is not is a do-it-yourself handbook for practitioners: the Standard deals with the principles, not the details, of an outsourcing transaction. For example, ISO 37500 emphasizes the importance of complying with applicable laws during each phase of the outsourcing life cycle, but it does not identify the specific statutes in any countries that must be complied with. Similarly, it includes checklists of issues to illustrate the topics the client and provider should consider in dealing with specific processes or steps, e.g. Annex B (Checklist of potential outsourcing risks per phase) and Annex F (Phase 2 Examples of agreement topics), but does not include template documents. The established outsourcing standards that provide detailed transactional guidance will not be superseded by ISO 37500 although they will have to adapt to it[iii].
As a comprehensive guide to outsourcing that includes a vocabulary to encourage consistent discussion, it is likely that ISO 37500 will be adopted widely and bring a degree of standardization to the global outsourcing market. This is especially true in Europe, because of the heavy involvement of European standards’ organizations in its development. Although it remains to be seen how the Standard will be applied in Canada, Dr. Babin expects that it will play an important role here:
“I am convinced that ISO 37500 will play a significant role in Canadian outsourcing: the level of support we received from Canadian regulators, organizations and industry participants during the development of the ISO standard suggests that it will be well received and utilized in Canada. The standard responds to Canadian businesses’ need for a consistent terminology to talk about outsourcing and common principles to apply, especially in international transactions, and it is likely to become the lingua franca of the Canadian and indeed the global IT and business outsourcing market.”
Although the American National Standards Institute (ANSI) did not participate in the work of ISO Technical Committee 259 that developed ISO 37500, there have been suggestions that the Standard will influence outsourcing in the United States as U.S. companies doing business in Europe and Canada will be forced to adopt the standard for international transactions of which they are a part or otherwise indicate that their outsourcing practices are compliant with the Standard.
III. Implications of ISO 37500
It will be important for lawyers to learn about the Standard. In identifying the issues that clients need to think about at various stages of an outsourcing transaction, the Standard is also challenging lawyers to deal with the same issues in drafting Requests for Proposals, developing governance processes and negotiating outsourcing agreements[iv]. When ISO discusses an issue distinctly and at length, it will not be open to lawyers to ignore the issue or assume it covered as part of some other aspect of the transaction.
This is illustrated by the importance the Standard attaches to the relationship aspects of outsourcing transaction. Section 5.5.2 of the Standard states:
“The purpose of the ‘develop and maintain joint objectives’ practice is to establish a joint mission statement, an outsourcing roadmap with key milestones and success criteria, along with social and relationship events. In addition to focussing on performance scorecards, metrics, etc., the client and provider should also focus on softer elements, relationship building, partner assimilation and dialogues. A strong relationship is crucial to creating successful outsourcing arrangements … .”
This general observation is supplemented by specific practices that can be included in an outsourcing transaction to foster the appropriate relationships such as:
(i) establishing good governance to provide formal and regular management mechanisms leading to the development of positive relationships based on trust (Section 22.214.171.124);
(ii) consideration of the cultural aspects (Section 7.2); and
(iii) minimizing changes in key resources across the transition and delivery phases of any outsourcing transaction (Section 126.96.36.199).
As the clients are educated to take all of these items into account in their transactions, so to must we as lawyers in the advice we provide and the documents we prepare.
[i] The standards bodies of Bulgaria, Canada, Denmark, Finland, France, Germany, India, Malaysia, Netherlands, Russian Federation, South Korea, Spain and the United Kingdom participated to varying degrees in work of the Technical Committee.
The standards bodies of eight other countries (Australia, Czech Republic, Ireland, Israel, Italy, Norway, Poland and Sweden) had Observer status entitling them to work as observers with the right to receive documents and submit comments but not to vote.
[ii] Before an international standard can be issued, ISO requires that a draft international standard be published and that the draft international standard be approved by at least 75% of the member bodies of ISO who vote.
[iii] For example, the implications of ISO 37500 for the International Association of Outsourcing Professionals and their Outsourcing Professional Body of Knowledge (OPBoK) are discussed by Dr. Ron Babin in The Role of ISO 37500 within IAOP’s OPBoK, available at http://www.iaop.org/Firmbuilder/Articles/34/175/3984
[iv] Section 1 of the Standard states that the Standard is intended to be used by “all stakeholders engaged in facilitating the creation and/or management of outsourcing arrangements”.