Booklet: Management Section: Management Considerations for Technology Service Providers Subsection: Contracts

Previous Subsection Table of Contents Next Subsection

TSPs and customer financial institutions should negotiate contracts that incorporate the recommended items contained in the IT Handbook’s “Outsourcing Technology Services Booklet”. Financial institutions should negotiate clear, written contracts with sufficient detail to provide assurances for performance, reliability, security, confidentiality, and reporting. A poorly written or inadequately reviewed contract can increase the risk to both the serviced financial institution and the TSP. To avoid or minimize problems in such a contractual arrangement, legal counsel familiar with the terminology and specific requirements of a data processing contract should review it to protect each party’s interests. Since the contract sets the terms of a multi-year understanding between the parties, all items agreed upon during negotiations should be included in the final signed contract.

Contracts establish baseline performance standards for information processing services. In addition, the contract defines each party's responsibilities and liabilities. Institutions may encounter situations where service providers cannot or will not agree to terms that the institution requests to manage the risk effectively. Under these circumstances, institutions should either not contract with that provider or supplement the service provider’s commitments with additional controls to mitigate the risk. If an institution experiences problems obtaining regulatory required revisions to existing contracts, it should notify user groups and its primary regulator for additional support.

Previous Subsection Table of Contents Next Subsection           Home IT Booklets Glossary Resources Presentations