Free UK Outsourcing Agreement (ICT / BPO) Template

OUTSOURCING AGREEMENT

ICT / BPO Outsourcing  ·  SGSA 1982  ·  UK GDPR + DUAA 2025  ·  England And Wales  ·  2026-07-01

This Outsourcing Agreement (the "Agreement") is made on 2026-07-01 between Britannia Mutual Insurance Group plc (Companies House No. 03456789) of Cornhill Tower, 20 Cornhill, London, EC3V 3LP (the "Customer") and Polaris Operations UK Ltd (Companies House No. 11223344) of 155 Bishopsgate, London, EC2M 3TQ (the "Supplier"). The Customer wishes to outsource the Customer service / contact centre BPO described in clause 1 to the Supplier, and the Supplier agrees to provide those services on the terms of this Agreement. This Agreement applies the implied terms of the Supply of Goods and Services Act 1982 and (where the Supplier processes personal data on the Customer's behalf) the UK GDPR + Data Protection Act 2018 read with the Data (Use and Access) Act 2025.

1.1 Services. The Supplier shall provide Customer service / contact centre BPO to the Customer as further described as follows (the "Services"):

End-to-end policyholder customer service operations: inbound contact centre (voice + email + webchat + WhatsApp), claims first-notification handling, mid-term adjustment processing, complaint triage to FOS pre-escalation level, MI reporting and quality assurance. Includes outbound retention campaigns and renewal reminder programme. Operations conducted from a single UK service centre in Manchester with offshore back-office processing in India (subject to international transfer schedule).

1.2 Initial term. This Agreement commences on the date written at the head of it (the "Effective Date") and continues for an initial period of 5 years (the "Initial Term"), and thereafter automatically renews for successive twelve-month periods (each a "Renewal Term") unless terminated by either party giving not less than six (6) months' written notice expiring at the end of the Initial Term or any Renewal Term.

1.3 Transition-in. The Supplier shall transition the Services into operation over a 6-month Transition-In Period commencing on the Effective Date. On expiry of the Transition-In Period, the Supplier shall be in steady-state operation.

1.4 Implied terms. The Supplier shall perform the Services with reasonable care and skill (section 13 of the Supply of Goods and Services Act 1982) and within a reasonable time. The Customer shall cooperate with the Supplier in the conduct of the Services (implied duty of cooperation in long-term contracts per Salt Ship Design AS v Prysmian PowerLink Srl [2021] EWHC 2633 (TCC)).

2.1 Charges. In consideration of the Services, the Customer shall pay the Supplier a fixed monthly base fee of [base fee] plus variable charges as set out in Schedule 1 (Charges) — typical UK mid-market structure for transaction-based services. All charges are exclusive of VAT, which shall be added at the prevailing rate.

2.2 Invoicing. The Supplier shall invoice monthly in arrears against the Services delivered. Each invoice shall include reasonable detail of the charges and any service credits applied.

2.3 Payment. The Customer shall pay each properly rendered invoice within thirty (30) days of receipt. Late payment shall bear interest at the Bank of England base rate plus 8% per annum under the Late Payment of Commercial Debts (Interest) Act 1998, plus the Supplier's reasonable recovery costs.

This Agreement and any dispute or claim (including non-contractual disputes) arising out of or in connection with it shall be governed by and construed in accordance with the laws of England and Wales. The parties irrevocably submit to the exclusive jurisdiction of the courts of England and Wales.

4.1 TUPE applies. The parties acknowledge that the transition of the Services from the Customer (or any prior provider) to the Supplier on the Transfer Date constitutes a service provision change under Regulation 3(1)(b) of the Transfer of Undertakings (Protection of Employment) Regulations 2006 (as amended by the Collective Redundancies and Transfer of Undertakings (Protection of Employment) (Amendment) Regulations 2014). On the Transfer Date, the employment of approximately 147 employees currently engaged in the Services (the "Transferring Employees") shall transfer to the Supplier on their existing terms and conditions.

4.2 Due diligence. Not less than 28 days before the Transfer Date, the Customer shall provide the Supplier with the Employee Liability Information required by Regulation 11 TUPE 2006 — including names, ages, employment particulars, disciplinary / grievance records, accrued holiday and pension benefits, court / tribunal proceedings and any "measures" the Customer envisages taking. The Supplier shall use the information solely for transition planning and shall keep it confidential.

4.3 Pre-transfer information and consultation. Each party shall comply with its obligations under Regulations 13 and 14 TUPE 2006 (information and consultation with employee representatives) and shall cooperate with the other to enable the meaningful consultation required by those provisions.

4.4 Measures. Where either party envisages taking "measures" (such as restructuring, redeployment or harmonisation) in relation to Transferring Employees, that party shall inform the other party and shall consult in good faith on the measures. The Supplier shall not, without the Customer's consent, dismiss any Transferring Employee for an ETO reason within the first ninety (90) days after the Transfer Date.

4.5 Indemnities. The Customer shall indemnify the Supplier against all pre-Transfer Date liabilities in relation to Transferring Employees (including unpaid wages, accrued holiday, pension contributions and tribunal claims rooted in pre-Transfer Date acts). The Supplier shall indemnify the Customer against all post-Transfer Date liabilities and against any failure by the Supplier to comply with TUPE 2006 measures, consultation or pre-transfer information.

4.6 Pension benefits. Pension benefits referable to old-age, invalidity and survivors' benefits transfer under the principle in Beckmann v Dynamco Whicheloe Macfarlane Ltd [2002] ECR I-4893, in addition to the early-retirement rights protected in Martin v South Bank University [2003] EUECJ C-4/01. The Supplier shall consult with the Customer's pension scheme advisers as part of the transition.

5.1 Service hours. The Services are provided 24/7/365.

5.2 Availability SLA. The Supplier shall maintain availability of the Services at 99.9% per calendar month, measured at the boundary of the Supplier's infrastructure.

5.3 Incident response. The Supplier shall meet the following response targets:
  P1 (system unusable / material function unusable): first response within 2 hours; target resolution within twenty-four (24) hours of first response.
  P2 (significant defect, workaround possible): first response within 8 hours; target resolution within five (5) Business Days.
  P3 (minor / cosmetic): first response within two (2) Business Days; resolution in the next scheduled release.

5.4 Service credits. A breach of two (2) or more SLAs in the same calendar month triggers a service credit. Service credits accrue as a percentage of the monthly charges as follows: 5% for the first breach in any calendar month; 10% for the second; 25% for the third (sustained) breach. Aggregate service credits in any calendar month shall not exceed 15% of the monthly charges. Service credits are the Customer's sole financial remedy for SLA breach (without prejudice to termination rights under clause 5.5).

5.5 Termination for chronic failure. The Customer may terminate this Agreement (or any specific Service) on thirty (30) days' written notice if (a) the Supplier fails to meet the availability SLA in three (3) consecutive calendar months, or in five (5) months out of any rolling twelve (12) month period; or (b) the Supplier accrues maximum service credits in three (3) consecutive months. The Customer shall not be required to pay any termination fee in respect of a chronic-failure termination.

6.1 Transition-In Plan. Within thirty (30) days of the Effective Date, the Supplier shall deliver to the Customer a written Transition-In Plan setting out (a) the activities to be performed in the Transition-In Period; (b) the milestones, deliverables and acceptance criteria; (c) the resourcing and responsibility split between Customer and Supplier; (d) the risks and mitigations; (e) the steady-state operation date. The Customer shall review and approve the Transition-In Plan within fifteen (15) Business Days.

6.2 Transition-Out / Exit Assistance. Following expiry or termination of this Agreement (for any reason), the Supplier shall, for a period of up to 18 months, provide the Customer (and any successor supplier nominated by the Customer) with reasonable exit assistance, including: (a) continued provision of the Services; (b) knowledge transfer; (c) data extraction and migration; (d) handover of documentation, configurations and operational logs; (e) introductions to key Supplier personnel.

6.3 Exit costs. Exit assistance is charged at the Supplier's standard time and materials rates, subject to the rate-card in Schedule 3 (Exit Assistance Charges). Reasonable Customer travel and incidental expenses incurred by the Supplier shall be reimbursed at cost.

6.4 Knowledge transfer. The Supplier shall maintain operational documentation (process maps, runbooks, work instructions, troubleshooting guides) in a form that enables a competent successor supplier to take over operation. The Customer shall have ongoing access to this documentation throughout the Term and during the Exit Assistance period. On exit, the Supplier shall hand over the documentation in machine-readable form together with such training and shadowing as the Customer reasonably requests (subject to clause 6.3).

6.5 Benchmarking. The Customer may, every two (2) years from the Effective Date, commission a benchmarking study by an independent benchmarker (an "Approved Benchmarker": Compass Management Consulting Group, Maven Wave, Avasant, Information Services Group (ISG), or any other firm reasonably proposed by the Customer and accepted by the Supplier). The benchmarker shall compare the Supplier's charges and service levels against a comparable peer group of UK outsourcing arrangements. The Customer shall bear the cost of the first benchmarking exercise; the cost of subsequent exercises shall be borne by the Supplier if the benchmark report finds the Supplier's charges to be more than 10% above the market median, otherwise by the Customer. Based on the benchmark report, the Customer may: first, reduce the charges to the benchmark median; secondly, if the Supplier refuses or the reduction is not implemented within ninety (90) days of the benchmark report, the Customer may terminate on six (6) months' notice without termination fee.

7.1 Step-in rights (essential service). The Customer may exercise Step-In Rights at any time on written notice where, in the Customer's reasonable opinion: (a) Service continuity is at risk; (b) the Supplier has committed a Material Breach; (c) the Supplier is in Insolvency or threatens insolvency; or (d) regulatory continuity (e.g. FCA SYSC 13 outsourcing rules) requires Customer intervention. The parties acknowledge section 233B of the Insolvency Act 1986 (as inserted by CIGA 2020) — restrictions on the Supplier's right to terminate or vary "essential supplies" by reason of Customer insolvency are mirrored here for the Customer's benefit.

7.2 Sub-contracting. The Supplier shall obtain the Customer's prior written consent before sub-contracting any material part of the Services (defined as any single sub-contract exceeding 10% of the annual Charges, or the aggregate of sub-contracted services exceeding 25%). Non-material sub-contracting may be made on at least 30 days' notice. The Supplier shall flow down all material obligations and remains liable for sub-contractor acts and omissions.

7.3 Business continuity and disaster recovery. The Supplier shall maintain a documented Business Continuity and Disaster Recovery (BCDR) Plan covering the Services. The Plan shall meet a Recovery Time Objective (RTO) of 4 hours and a Recovery Point Objective (RPO) of 1 hours. The Supplier shall test the BCDR Plan annually and shall provide the test report to the Customer within sixty (60) days of each test. Where the Supplier is an outsourced provider to a UK operator of essential services or an RDSP, it shall comply with the Network and Information Systems Regulations 2018.

7.4 Change control. Either party may request a change to the scope, charges or Service Levels by written Change Request. The Supplier shall, within 5 Business Days, respond with an estimate of time, cost and impact (the "Change Order"). Changes with an aggregate cost impact below £10,000 shall be absorbed by the Supplier at its expense, subject to an annual aggregate cap of £60,000. Changes above the threshold (or above the cap) require the Customer's written acceptance before work commences.

8.1 UK GDPR — Supplier as Processor. The Supplier is a processor of Customer personal data under the UK GDPR and the Data Protection Act 2018 (as amended by the Data (Use and Access) Act 2025). The parties shall execute an Article 28 Data Processing Addendum (the "DPA") in the form attached as Schedule 4 (or, where not attached, in the Supplier's standard form satisfying Article 28(3) UK GDPR). The Supplier shall implement appropriate technical and organisational measures (Article 32) and shall notify the Customer of any personal data breach without undue delay and in any event within twenty-four (24) hours of becoming aware.

8.2 ADM under DUAA 2025. Where the Supplier operates an automated decision-making (ADM) system that produces legal or similarly significant effects on individuals, the Supplier shall design the system to meet the requirements of Articles 22A-22D of the UK GDPR as inserted by the Data (Use and Access) Act 2025 (SI 2026/82, in force 5 February 2026) — data subject information notice, right to human review on request, meaningful information about the logic involved, significance and envisaged consequences. The Supplier shall document the design decisions for ADM compliance and provide the documentation to the Customer at request.

8.3 International transfers — IDTA. Where the Supplier transfers Customer personal data to a third country, the parties shall execute the UK International Data Transfer Agreement (IDTA) in the form published by the ICO (or such updated form as the ICO publishes from time to time). The Supplier shall conduct a transfer risk assessment (TRA) before each new transfer chain and shall make the TRA available to the Customer on reasonable request.

8.4 Compliance stack. The Supplier warrants and undertakes:

(a) ECCTA 2023 s.199. The Supplier warrants that it has implemented reasonable procedures to prevent the facilitation of fraud by its associated persons under section 199 of the Economic Crime and Corporate Transparency Act 2023 (live for large organisations from 1 September 2025), and shall apply those procedures to the conduct of the Services.

(b) Bribery Act 2010. The Supplier warrants that it has implemented "adequate procedures" to prevent bribery within the meaning of section 7 of the Bribery Act 2010 and shall ensure that all sub-contractors and associated persons comply.

(c) Modern Slavery Act 2015. The Supplier warrants that it has taken reasonable steps to identify and eliminate modern slavery and human trafficking in its operations and supply chain, and (if applicable under section 54 of the Modern Slavery Act 2015) publishes an annual transparency statement.

(d) Criminal Finances Act 2017 Part 3 — CCO. The Supplier warrants that it has implemented reasonable prevention procedures within the meaning of section 45(2) of the Criminal Finances Act 2017 to prevent the facilitation of UK or foreign tax evasion by its associated persons.

(e) Sanctions. The Supplier warrants that it is not, and to the best of its knowledge none of its directors, officers, employees, sub-contractors or associated persons is, subject to any UK, EU, US or UN sanctions, and shall comply with all applicable sanctions laws (including the Sanctions and Anti-Money Laundering Act 2018) in the conduct of the Services.

8.5 FCA / PRA outsourcing rules. Where the Customer is an FCA / PRA regulated firm, the Supplier shall comply with the requirements of FCA SYSC 8 (general outsourcing) and (where applicable) SYSC 13.9 (operational resilience outsourcing) and PRA SS2/21. This includes (a) maintaining the Customer's ability to monitor and audit the Service; (b) maintaining a clear right of access for the FCA / PRA to inspect the Supplier's premises, records and personnel; (c) implementing operational resilience measures appropriate to the importance of the Services to the Customer's regulated business.

8.7 Audit rights. The Customer (or its appointed external auditors) shall, on reasonable notice and no more than twice per Contract Year (save where audit is conducted at the request of a regulator or arises from a material breach), have the right to audit the Supplier's performance of the Services, security controls, data protection compliance and adherence to the compliance stack above. The Supplier shall provide reasonable cooperation, access and information.

9.1 Termination for convenience. The Customer may terminate this Agreement (or any Service) on twelve (12) months' written notice expiring at any time after the second anniversary of the Effective Date (or such other notice period as may be set out in Schedule 5 (Charges)). Any applicable termination fees shall be as set out in Schedule 5.

9.2 Termination for cause. Either party may terminate this Agreement on written notice if the other (a) commits a Material Breach that is not remedied within thirty (30) days of written notice specifying the breach; (b) is subject to an Insolvency Event; (c) ceases (or threatens to cease) to carry on business; or (d) (in the case of the Supplier) loses a material regulatory authorisation required for the Services.

9.3 Consequences of termination. On termination, the Supplier shall (a) cease providing the Services (subject to exit assistance); (b) deliver up Customer Data and Customer Confidential Information; (c) cooperate with knowledge transfer; (d) co-operate in TUPE-back transfer of Transferring Employees (where TUPE applies on exit); and (e) cease using the Customer's name and trade marks save for archived records.

IN WITNESS WHEREOF, the parties have executed this Agreement as of the date indicated.