How to create a good IT outsourcing contract—best practices



Often in IT an outsourcing contract, important questions relating to the provision of software development services are neglected or not treated thoroughly. As a result, the client’s interests are not fully protected. Here is a list of best practices you can expect from a reliable outsourcing partner in a successful outsourcing relationship.


At the first glance, outsourcing contracts for software development services seem to be simple, especially when compared with complex contracts for delivering complete software solutions built from the ground up. The most important things you need to decide on are deliverables and payment criteria.

Still, there are many more matters you need to take into consideration (e.g., different ways the requested service can be delivered) to prepare an outsourcing contract that maintains the contractual balance between an outsourcing service provider and its client.

Let’s take a look at the elements that are indispensable for a good IT outsourcing contract.


A framework agreement: why it is important

Based on our experience, an outsourcing contract for software development services should be in the form of a framework agreement. You should sign one, even if you only plan to carry out a one-off project. A framework agreement is not significantly more complex than a standard outsourcing contract signed for a single project. But it allows for greater flexibility, even when you are planning to complete a single project. For example, you can extend the team or introduce other changes into the way the team works.

An outsourcing services framework agreement defines the general terms and conditions of an agreement, as well as all the processes and procedures that will be subsequently applied to the work done under this agreement. A specific project is launched based on a purchase order that contains detailed information on project scope, team size, deliverables, pricing, etc.

Such an approach allows for greater business agility. As the terms and conditions you have agreed once with your outsourcing vendor will be automatically applied to every new project, you can start a new project much faster—you don’t need to go through the lengthy legal procedures necessary for singing a new contract or add new sections to an existing one.

Additionally, framework agreements are typically signed for an indefinite period of time or for a couple of years, and can be terminated three-month’s notice for any reason. A one-off contract, on the other hand, is usually signed for a definite period of time or for delivering a complete working software solution. You can withdraw from such an agreement or terminate it only if the other party commits a breach of contract specified in the agreement itself.

So, a framework agreement gives you more flexibility a legal perspective too.


How to set up an acceptance and settlement process for the work done

A contracting model is a key section of an outsourcing contract. It should clearly define what the acceptance terms and payment criteria are for the work done.

Depending on who is responsible for project and team management, and for building a project backlog, you can use the time and materials (T&M) or the quoted time and materials (QT&M) model. If you choose the T&M model where the payment is based on the work time reported by team members, you can set up a procedure of work acceptance on a monthly basis. A monthly report should contain not only a simple count of worked hours, but also a summary of tasks, comparing actual time spent on delivering them with estimations. In case of a considerable difference between estimated and actual hours, you can initiate an underperformance procedure.

If a company providing software development services is responsible for building a project backlog, you should use the QT&M model. In this case, the payment can be based on the number, expressed in “story points,” of software functionalities delivered.

For practical reasons, it is good to use a single sprint as a basic settlement unit. In such a sprint, the team delivers the functionalities described in user stories, whose value in terms of “story points” should not be lower than the total number of “story points” predefined for this particular sprint.

Such an approach is very clear and flexible. In a given sprint, you will pay only for those user stories for which acceptance criteria have been met. The total number of story points is converted into working hours defined for a sprint. In this way, payments are based on the overall progress of the project, i.e., the volume of software functionalities delivered and accepted in a single sprint. Of course, payments are also related to the actual number of hours worked, but you pay for the results and not for the developers’ time

To implement this settlement model effectively, it is necessary to set up a process at the team level for estimation of user stories, monitoring work progress and accepting backlog items delivered in a single sprint. This considerably simplifies the way in which the work of the team is reviewed and accepted.

From the client’s point of view, a settlement model based on story points offers clear benefits: a client pays only for the software functionalities actually delivered and accepted. Additionally, it allows for higher flexibility when it comes to the team composition, and a client does not have to bear any unexpected costs or pay for knowledge transfer, etc.

Now, let’s take a look at the key processes and legal elements that a good framework agreement for IT outsourcing services should include.


Key processes to be included in an outsourcing contract

A framework agreement should clearly define how key processes related to software development services are handled. The definition should also include non-standard scenarios, as well as describe processes such as iterative ones that are performed every time a new project begins.


#1 Responding to a client’s request

A framework agreement defines the general terms and conditions of how a provider will work with a client. Therefore, to launch a specific project, a client needs to send a request with a detailed list of services needed. This request contains the specification of the project, e.g. project scope, team size, project timeline, etc. To streamline the process of replying to such client requests, an outsourcing vendor should define a separate process.

In this process, an outsourcing company should brief the client on the wider context of the project: its business goal, specification, the technology stack to be used, and the end solution architecture. All this is crucial to properly define the requirements of the team composition and size and the skills required. Once these elements are defined, an outsourcing company can start building a team. A good practice is to set up a procedure allowing a client to review the team composition and accept it.

It is important that an outsourcing company commits to perform the key actions in this process according to a predefined timeline. In particular, it should set a deadline for providing a detailed analysis of client needs in response to the initial request, proposing a team composition and its skillset, and when the team can start working.


#2 Team onboarding process

At the beginning of the project, it is good to create a checklist of tasks that need to be done to onboard the team effectively and allow it to become fully operational. This checklist should define a team leader, the task scope, the expected outcome and the deadline. Typically, at this preparatory stage of the project you need to deal with administrative tasks such as:

  • providing hardware, software, and tools for team members
  • providing access to IT systems
  • providing physical access to the premises
  • ensuring security, confidentiality, and personal data protection requirements are met, including all necessary legal paperwork


Additionally, you need to introduce the team to the business and the technological context of the project. Such an introductory process is performed at the beginning of the project, but is also repeated when the project team is extended.


#3 The work acceptance and settlement process

You need to define the criteria based on which the project team’s work is accepted, evaluated, and paid for. It is important to do this in a transparent way to avoid any misunderstandings or potential issues between the parties involved. Additionally, non-standard scenarios should also be considered.

When defining the entire settlement process, consider including the following elements:

  • a contractual model (T&M or QT&M)
  • work acceptance criteria
  • software documentation required when accepting the work
  • transfer of the intellectual property rights
  • time period of the settlement
  • pricing
  • settlement procedure and schedule
  • other conditions such as service provider responsibilities and a warranty for the services provided


#4 The performance review

Only rarely is the performance review process defined in framework agreements for software development services. Its goal is to ensure that the work of a project team as a whole and of its individual members is evaluated in a transparent way.

First, you need to implement a tool to automatically measure the velocity and quality of the project team’s work using objective measurement units. In this context, velocity means how fast backlog items estimated for a given number of story points are delivered. Additionally, you will be comparing the actual values (e.g., hours, story points, etc.) with estimations.

Secondly, you need to organize a cyclical review process for team members, usually every one to three months. This will serve to gather feedback, evaluate results from work measurement tools, and check what should be changed or corrected. In particular, during a performance review session, you may find that one or more team members are underperforming and corrective actions need to be taken.

Of course, it goes without saying that the underperformance criteria should be clearly defined in the framework agreement.


#5 The replacement process

To keep the highest business standards, in case of prolonged absence of a team member, his/her resignation or underperformance, an outsourcing service provider should provide a replacement. By default, a client can request a team member to be replaced or resign from this possibility.

In the replacement criteria, you need to define:

  • how much time is needed for finding a new team member
  • when a new team member can start working
  • how project knowledge is transferred between an old and a new team member
  • how to onboard a new team member to the project and when
  • who will cover the costs of replacement


What is also important is that the selection procedure of a new team member and his/her onboarding should be the same as in the case of building a new project team from scratch.

Once key processes are defined in a framework agreement, it is also necessary to regulate certain legal matters to avoid any problems between the parties.


Security and compliance

A carefully crafted framework agreement needs to address all potential risks related to security and compliance, and in particular should regulate how personal and sensitive data is processed. It is best practice to include all security- and compliance-related matters that may arise when providing software development services in a separate appendix to the framework agreement.

In particular, in the framework agreement, you should regulate the following matters:

  • providing physical access to the premises (e.g., access cards)
  • assigning access rights to IT systems
  • defining security measurements at the level of workstations, servers, and cloud services
  • defining how personal data is processed
  • defining security audit procedures
  • preparing documentation necessary to stay compliant with legal regulations, e.g., registers of persons authorized to process personal data or information clauses on personal data processing required under the GDPR regulation



A good framework agreement for outsourcing services should contain a confidentiality section that will describe:

  • the procedure for accessing confidential information
  • which information should be marked as confidential
  • how and for how long sensitive data should be stored
  • sanctions for any breach of confidentiality


A confidentiality agreement should be signed by both the outsourcing company and by all project team members separately. Additionally, based on information gathered from the client, an outsourcing partner should organize training for all project team members explaining what kinds of project-related information (business, financial, technological, etc.) are confidential. This should minimize the risk that confidential information is disclosed by someone through negligence or because of a lack of awareness.

Last but not least, project team members should be advised on the best practices to follow when it comes to information confidentiality and be aware of the consequences a security breach may lead to.



A thoroughly prepared framework agreement should include document templates defining clearly the extent to which intellectual property rights for the software delivered are transferred and when this transfer happens (usually during the work acceptance process).

Most commonly, the rights are first transferred from an outsourcing company’s employees to the company itself. Then, the outsourcing company transfers the intellectual property rights to its client.

It is the responsibility of an outsourcing partner to ensure consistency of the copyright clauses across contracts with its employees and its clients.

As a result, the client is protected by a transparent transfer process of the intellectual property rights and against any third-party claims.



A sound business culture requires the inclusion of non-solicitation clauses in a framework agreement. They should apply to both the service provider and its client and explicitly forbid either from employing the other party’s employees that work on common projects. The time period for which such a non-solicitation clause is valid should have a reasonable length, e.g., 12 months.

Additionally, you can include the option of allowing the client to hire directly the selected project team members on specified terms and with specified remuneration.


A good IT outsourcing contract—takeaways

In a good framework agreement for software development services, you need to address the following questions to ensure that outsourcing relationship works smoothly:

  • choose the QT&M contractual model
  • use “story points” to pay for functionalities that have been actually delivered
  • define the following key processes in your contract:
    • the process of responding to the client’s requests
    • the team onboarding process
    • the work acceptance and settlement process
    • the performance review process
    • the staff replacement process
  • ensure security and compliance requirements are met
  • ensure all project team members are aware of confidentiality requirements
  • define clearly how intellectual property rights are transferred
  • add a non-solicitation clause

Sign up for the newsletter and other marketing communication

The controller of the personal data is FABRITY sp. z o. o. with its registered office in Warsaw; the data is processed for the purpose of sending commercial information and conducting direct marketing; the legal basis for processing is the controller’s legitimate interest in conducting such marketing; Individuals whose data is processed have the following rights: access to data, rectification, erasure or restriction, right to object and the right to lodge a complaint with PUODO. Personal data will be processed according to our privacy policy.

You may also find interesting:

How can we help?

The controller of the personal data is FABRITY sp. z o. o. with its registered office in Warsaw; the data is processed for the purpose of responding to a submitted inquiry; the legal basis for processing is the controller's legitimate interest in responding to a submitted inquiry and not leaving messages unanswered. Individuals whose data is processed have the following rights: access to data, rectification, erasure or restriction, right to object and the right to lodge a complaint with PUODO. Personal data in this form will be processed according to our privacy policy.

You can also send us an email.

In this case the controller of the personal data will be FABRITY sp. z o. o. and the data will be processed for the purpose of responding to a submitted inquiry; the legal basis for processing is the controller’s legitimate interest in responding to a submitted inquiry and not leaving messages unanswered. Personal data will be processed according to our privacy policy.