The users depending upon UKCloud (which has gone into administration) to get access to mission critical software and data, could have had a disaster on their hands. But, according to government sources, contingency plans that had already been factored into UKCloud’s contracts, are adequately preventing disruption.
The questions are:
- To what degree do you know how well your own contracts and governance will appropriately keep your ‘business as usual’ running in the event your service provider is unable to continue trading?
- What are the eight key considerations to factor into your contingency planning and how well aligned are your contracts and governance to these key considerations?
Who are UKCloud?
UKCloud was a British company providing multicloud services to the public sector. Founded over a decade ago as Skyscape Cloud Services, it rebranded five years later after a battle over its name with media and telecoms giant Sky. It grew rapidly to over 250 staff, supporting the cloud services needs of clients such as Capgemini, the Ministry of Justice and London Business School.
The company traded under three brands:
- UKCloud Health which looked to support the healthcare sector
- UKCloudX which supported customers in the defence and national security sector; and
- UKCloud which supported local and central government clients.
However, despite additional investment in January 2022, it seems this could not save the organisation which, at the tail end of October, was placed into compulsory liquidation with its parent company, Virtual Infrastructure Group.
Government claims “it’s business as usual”
Despite UKCloud being circa two thirds of the way through an agreement to providing hosting services to public sector customers and being available through several major public sector frameworks, the government has reported that there has been no disruption to client’s reliance on these services, as contingency plans they had in place were able to cope.
Suggesting that maybe the writing had been on the wall for some time, it’s reported that many of UKCloud’s customers had already been moved to other providers; this appears to have reduced the strain on those supporting the remaining few with their necessary transition.
This seems to add validity to a Computer Weekly article in November 2021 titled ‘Cabinet Office slammed after advising users to ditch UKCloud as further investment nears’ which suggested that the decision had already been made to advise public sector clients to move away from UKCloud because there were fears over the company’s financial security.
8 steps to follow to protect your organisation’s interests if your supplier is facing financial challenges
If you identify a potentially terminal financial issue with your supplier, ensuring you already have a plan in place that can seamlessly kick into action to assure continuity, is essential. Separately, if you get wind your supplier is about to, or has already gone to the wall, and this is the moment that you decide to take your rough thoughts on the subject and crystalise them into a defined plan of action… it’s likely already too late to prevent material service disruption.
The following eight steps are a guide to help you build your contingency planning into the formation of your strategic partner relationships:
-
- Independent disaster recovery process
No matter how good your relationships are with your suppliers and how stable they seem, no-one can predict the future, so any organisation may be impacted by disaster. While some suppliers may go through profit warnings and downturns and recover without issue, others may burn bright then fall from grace without much notice at all. That’s why it’s so important to be prepared, to have an ‘on-going tested’ plan already in place should the unthinkable happen. This will involve not only having a process in place, but also an alternate; a backup supplier that is ready, willing and able to take on the responsibility of supporting your services. A great disaster recovery process can be implemented rapidly and smoothly to ensure continuity of service. Choose your back-up partner wisely, stay in touch, even when your primary supplier seems to be fine, update them with any changes to the plan throughout the project, so they’re ready to go at a moment’s notice.
-
- Risk management
The closeness of your relationship with your suppliers will determine your ability to identify issues, or the potential for issues, early enough to deal with them. This is often the responsibility of a carefully resourced Intelligent Client Function (ICF) team. They should be tasked with the role of building commercial trust with their supplier counterparts to better understand what motivates, worries and inspires them. This will help to recognise those ‘canary in the coalmine’ moments where a challenge can be turned around with minimal negative impact.
-
- How carefully did you adhere to your documented and qualifiable risk assessment diligence during your procurement process when on-boarding your supplier?
- What was your process to develop a contract that was clear, fair and had an agreed escalation process in place should challenges occur?
- To what degree does your payment structure align to your service quality?
All of the above will determine the extent to which you are ready, prepared and able to face the dangers posed by a supplier in financial difficulty.
-
- Financial due diligence analysis
It has never been more important to ensure that your supplier is a financially viable partner.
-
- Do their balance sheet and assets reflect the financial stability you need?
- Do they have a healthy cashflow?
- Are they protected by an adequate professional indemnity insurance policy that you can rely on to cover at least some of the costs you’ll have in migrating your services should your supplier fail to make it through the entirety of your project with them?
- Beyond your selection of your supplier, do you have regular financial due diligence checks with them every six months as part of your service reshaping process?
These are all important steps along the way to protecting yourself from the potentially foreseeable financial challenges your supplier may face.
-
- Grab the talent while you can
Your supplier’s processes and systems, software and technology are certainly contributing factors to the success of your relationship, but it is their people that drive the project forward. However, should they get into trouble, it’s those people who you’ll see leaving in greater numbers, potentially leaving you with difficulty being able to rely on a well delivered service. It will be the supplier’s ‘high-fliers’ that will be first to hear of troubles internally: the ones most valuable to your project, who will unfortunately also be the first to be picked off by the competition or other organisations. This might also be an opportunity for you, subject to contractual solicitation restrictions and ‘expert responsibility’ constraints, to put in a few offers of your own to retain the people who you rely on most. Jump in there quickly though, because good talent is always in demand and short supply.
-
- Consult your exit management plan
You will likely have a well governed and regularly updated (ideally, every 6 months as part of your service reshaping process) exit and transition management plan inherent within your existing contract terms. Should you get even a sniff of a terminal issue with your supplier, then you should have enough confidence in this plan to be led by it.
-
- Data protection when you need it most
If a supplier has access to any personal data that you’re responsible for securing, as they often will as a normal part of your working relationship with them, then as soon as you get wind of issues you must activate your GDPR protocol and look to protect that data. GDPR fines for failing to do so can be uncomfortably high and should you receive a fine for a breach of data protection, this poor practice is likely to impact upon your wider reputation with the potential for significant commercial ramifications.
-
- Protecting those outstanding payments
How and when you pay your supplier can determine the motivation leverage you have with them and how financially exposed you are should your supplier be unable to, or become unlikely to be able to, sustainably continue with your services.
-
- Have you paid your supplier in advance of any work or do you usually pay them in arrears?
- Are there any performance or bonus payments due, or have you held back some of the money?
If you owe your supplier but they are not in a position to complete their commitments to you, seek appropriate advice on whether you can legitimately hold onto those funds to offset the not insignificant costs of instructing and on-boarding a new supplier.
-
- Understanding your supplier’s ‘Duty to Warn’
A supplier has a ‘duty to warn’ you of anything – in your stated plans or their capacity – which may prevent them from completing their commitments to you, or could limit the results they have led you to believe were possible. It may or may not be in your written agreement with them, but it is likely to be implied in law if they represented themselves as an “Expert” in their field. Whilst knowledge of how to use these ‘Expert Responsibilities’ is very helpful, diligently constructed contractual and governance agreements that look to protect all parties in all reasonably foreseeable circumstances can be better if constructed appropriately. To make certain that it remains in place, it is important to ensure, throughout your relationship with your supplier, that you do not do anything which may erode their “Expert” legal responsibilities they have with you. Anything you do (or don’t do) which may hold your supplier back, whether in information or action, could be used against you should you need to rely on a ‘duty to warn’ in the courts later on.
Conclusion
What has happened to UKCloud is not a unique event. It is just the latest example of a company that many people and organisations rely on which has reached the end of its commercial viability, leaving some to wonder what they need to do now.
Conducting all the right due diligence at the outset, and even throughout, your relationship with your strategic supplier, is a sensible starting point for protecting your interests, but it can never be a guarantee.
Companies overreach and they get themselves into financial difficulties. There are many ways in which your reliable and solvent supplier can unfortunately let you down. Therefore, it’s vital to have a carefully considered, regularly updated, diligently maintained contingency plan in place.
The government tell us that all is fine. Most UKCloud clients have already moved away from the cloud services provider and those that have not, will be offered alternatives. So, it looks like their back-up plan is working.
