Pitfalls in Outsourcing Your Website by Eric Goldman

Pitfalls in Outsourcing Your Website
Eric Goldman

Many businesses, even those whose primary business is conducted over the Web, have found it desirable to outsource their website. Some businesses lack the in-house expertise or are unwilling to invest in developing in-house capacity. Other businesses find that the logistics of managing the website distracts their attention from their core competencies. Still others find outsourcing to be cost-effective.

Whatever the case, outsourcing your company’s website is an important decision and one that deserves to be treated with some care. This article helps identify some of the pitfalls that are often encountered when establishing a relationship with a website provider.

Intellectual Property and Development Efforts
Most businesses find it desirable to have the website provider assist in the development of the website. This assistance can be as simple as putting content into HTML, or it can more complicated, such as offering design services, programming site utilities (such as a search engine or hit counter) or Java applets, or integrating the website with back-end databases.

Under U.S. copyright law, the person who hires an independent party to develop intellectual property does not acquire ownership of or an exclusive license to the resulting work product unless the assignment of ownership or exclusive license is in writing. Therefore, if you desire either ownership of or an exclusive license to the developed work product, you will need to specify this in your agreement.

The website provider may resist providing you with either, because many times the website provider will develop proprietary in-house tools which are recycled in many customers’ websites. There is no right answer to the question of “what rights do you need?”, but you should carefully consider the alternatives. The rights to the developed work product may be most pointedly discerned by considering what rights you will need following termination, when the parties go their separate ways.

If your website provider is doing development or customization efforts, you will also want to specify a process for approving the work product. Often this can be done through the use of a “shadow site” where the work product or other changes of the site can be previewed on a password-protected set of pages and approved by designated personnel prior to the work product being uploaded to the publicly-available website.

Hardware, Software and Internet Connection
In a way, success can be one of the worst problems your website encounters. A popular site with lots of traffic can result in persistent slowness or busy signals. Not only can this result in lost online sales, but it can result in lost goodwill for your entire business. Therefore, it is essential that the website’s hardware, software and Internet connection be up to the task.

If you are entering into a short term relationship with your website provider, it may make sense to specifically identify the hardware, software and Internet connection your site will use (e.g., the website will operate on a Sun SPARCStation version ___ running version ___ of Netscape’s CommerceServer and be connected to the Internet via a dedicated T-1 line). It is especially important to specify the minimum size of the Internet connection; many website providers often put too many users on too small an Internet connection.

If the relationship is going to be long term, it will be impossible to determine upfront what the appropriate website infrastructure will be. Therefore, it may make sense to require the website provider to provide a specified minimum level of service. For example, you could require a maximum server response time or a maximum percentage of time when the Internet connection is operating at peak capacity. This would allow the website provider to make its own decisions about what capacity to acquire and when to acquire it based on prevailing needs.

What Services Will Be Provided?
Many website providers offer an a la carte menu of services. In addition to providing the Internet connection and (in most cases) the hardware and software used for the website, website providers will often provide HTML markup, customized programming, checks for dead links, registration with search engines, technical support to you and/or end users and countless other kinds of services. It is important to spell out what services will be available and how the services will be charged. This is particularly important given the industry practice to offer “packages” of bundled services, which make price comparison difficult unless the services included in the package and the cost of services outside of the package are clearly spelled out. By spelling out the services, it may also be possible to “lock in” pricing during the term of the contract, rather than be subject to the website provider’s future pricing schemes.

Two issues that should be dealt with immediately are the website provider’s required format for content delivered to it and the number of times that you may reload the website’s content without incurring extra expense. These issues may expose expensive and unanticipated costs, so it is best to deal with them upfront.

You should also discuss the disposition of server logs, which are the logs of all actions taken by the website server. The server logs, if analyzed properly, can lead to tremendous insights into your customers. Your website provider may be willing to analyze the server logs for you for a fee, but at minimum you should require a copy of the unprocessed server logs in electronic form so that you can perform your own analyses. You may also want to require the website provider to keep the server logs confidential.

If you are going to be purchasing the equipment used in connection with the website, you should consider who will insure the equipment against loss and what will happen to the equipment after termination of the relationship. Also, some website providers use unused capacity on customer-purchased equipment to support other customers; if you do not want this, you should prevent your website provider from doing so.

Service Interruptions
One of the most frightening moments for anyone with a web presence occurs when there is an interruption of service. Regardless of whether your website provider is “at fault” or otherwise in control of the cause of the interruption of service, it is prudent to enumerate the website provider’s duties to respond to an interruption of service.

One possible way to avoid this problem is to require your provider to “mirror” the website at a remote location. In this way, if service is interrupted at one location, the other location or locations can still be accessed without interruption of service.

If mirroring is not used, then obligations should be placed on the website provider to respond within specified response periods. Note that some website providers provide 24 x 7 onsite coverage, while others are notified of a system failure via a beeper. To create an incentive for the website provider to respond to interruptions of service, it may be useful to negotiate a discount from the service fees for downtime or persistent interruption of service. A discount, however, is unlikely to compensate for the corresponding loss of goodwill you are likely to experience with your customers.

On a related issue, it is always a good idea to specify the method and frequency of site backups. Servers can crash at any time, and if there is not a backup copy handy you may need to rebuild your entire website — which may not be possible.

Rights After Termination
The single most important mistake that you can make in outsourcing your website is failing to plan for termination of the relationship. Termination may come about for situations outside of your control (i.e., your provider goes out of business or is doing a poor job) or for situations within your control (i.e., your breach of the agreement, such as the failure to make payments when due). In either case, if you have not planned for this event, your website could go off-line and be unavailable to your customers for some period of time. (While most website providers are scrupulous, it is risky to assume they will be cooperative when the relationship is terminated.)

The first thing you will need to get back into operation is a copy of the website. In some situations you will have provided all the materials to the website provider and therefore will have a full copy in your possession. However, if the website provider is providing any custom work (i.e., HTML markups, site design or programming) or if users are uploading content directly to the website, you will not necessarily have an entire copy of the website. A requirement that the website provider deliver copies of the website to you periodically throughout the course of the relationship and immediately upon termination may seem overly cautious, but it may prove the only way to get your website back up and running promptly. Also, it generally makes sense to require the website provider to keep a copy of your site available online even after termination (typically 30 or 90 days) so that the new site can be properly tested and debugged prior to going live.

Also, as indicated above, if you do not own or have an exclusive license to intellectual property created by the website provider, it is smart to specify the parameters of your use of such intellectual property following termination.

The second key issue to reestablishing your online presence is developing a way to let your users follow you to a new site. If you own your own domain name, it will still be useful to get some assistance from your website provider after termination to transfer the IP address associated with the domain name. If you do not own your domain name, it is essential that a pointer be maintained on your former home page that gives your new address and provides a hypertext link to the new site.

Security and Access Controls
Having an online presence by definition exposes your business to security risks. Hackers are capable of committing many harmful acts online, which can lead to an interference with your business, disclosure or loss of valuable trade secrets and possibly embarrassing public disclosure. Therefore, you will want to require your website provider to take steps to prevent security breaches at every level (in the server interaction with the client, in the server interaction with resources outside of the firewall, and with all resources behind the firewall). While it is unrealistic to expect or require “perfect security”, it is reasonable to put the onus on the website provider to devise and properly implement mechanisms to protect your security.

Also, you may want your website to impose access controls such as password protection. You will want to obligate your website provider to maintain the integrity of these access control devices and use efforts to prevent unauthorized access. You should also discuss with your website provider ways to prevent password-protected pages from being automatically indexed and linked to by the search engine robots and spiders — more than one website has been embarrassed to discover that pages that were behind a password protected page were freely available to the public!

Your website is an important extension of your business and, for businesses based only on the Web, perhaps your most important asset. A poorly designed or executed site, or a site that is difficult or slow to access, can give a poor impression to potential customers, can destroy hard-earned goodwill and possibly can dissuade customers from ever returning to your website. This makes your website provider a major and frequently critical vendor. Therefore, it is worth investing some time and energy into developing a good working relationship–and reducing your agreement to writing–with your website provider. If you carefully consider and properly document your relationship with your website provider, and you avoid the pitfalls described in this article, you should find that your website provider can be a significant factor in your online success.