5 things to keep in mind when signing a contract with an IT provider

The COVID-19 pandemic has shown that not only the medical sector but also other industries must undergo accelerated digitization. In the face of the challenges of the future, it is worth thinking about the digital development of your company today. This is just one of the reasons why businesses are increasingly turning to IT solutions providers. But do you actually know how to ensure that the contract with your software provider protects your interests? Here is our advice!

The great advantage of outsourcing IT services to an external supplier is, above all, much lower project implementation costs and greater time savings than in the case of employing a specialist on your own. You can read about how such a process should proceed in this insight.

Below is what you need to pay special attention to when signing a contract with an IT solutions provider.

Project definition: Definition of Ready and Definition of Done

A precise definition of the project helps avoid misunderstandings related to its execution. Two criteria lie at the heart of defining a project: the Definition of Ready (DoR) and the Definition of Done. Both are closely related to agile methodologies, which are nowadays a widely used standard in software development services.

The Definition of Ready tells you what criteria a task must meet before the development team starts implementing it. The purpose of this criterion is to make sure that all the tasks that need to be performed are clearly and precisely described. Hence, the Definition of Ready includes:

  • purpose of the task – its description in the business or functional context as well as the result of its implementation;
  • subject of the task – whether the task concerns changing an existing functionality or adding a new one, and what exactly should be changed, with an indication of details, e.g. a description of a use case or a process, as well as a description of the task and the expected method of implementation: what exactly is to be created or changed, and how;
  • dependencies – determining whether the implementation of the task depends on other tasks or affects other areas of the system that have not been described in the task;
  • acceptance criteria – defining the criteria that must be met for the task to be considered completed. What resources are needed to complete the task?

Definition of Done is, in turn, a checklist that allows you to supervise the progress of work on your project. The purpose of this criterion is to determine what conditions must be met for the task to be considered complete. Therefore, essentially, the Definition of Done is a collection of answers to the following questions:

  • Has the code been developed for the intended functionalities?
  • Are the assumptions of the user story met?
  • Is the design error-free?
  • Have key functionalities been covered by tests?
  • Was the project implemented in a test environment identical to its production platform?
  • Is the functionality compliant with all of the UX assumptions?
  • Has the quality control been carried out, and any possible defects removed?
  • Has the functionality been tested against the acceptance criteria indicated in the Definition of Ready?
  • Has the functionality been approved by the product owner?

A properly drafted contract with an IT service provider should take into account both of the above criteria.


During the first talks, it is worth paying attention to the technical details of the project, such as the equipment or tools the IT provider will work with, as they may affect the final estimate of costs and resources.

You can decide to use specific tools, e.g. a specific project management tool, or offer your servers or hardware, e.g. computers.

The rules for handing over the hardware and tools should be described in detail in the contract and include a list of the software and hardware issued, along with the technical specifications of each of them. It is also advisable to include a description of the technical condition of the transferred elements.

Duration of the project

The duration of the project should be determined by its specification. The contract may concern a specific task or guarantee long-term cooperation.

Contracts with IT service providers are usually concluded for a fixed period. In their case, it is worth including a clause on the possibility of terminating the contract in the event of dissatisfaction with the service.

The notice period should be sufficient to transfer the services to another provider.


Estimating the duration of tasks is directly related to the duration of the project. It builds customer trust and satisfaction with the progress of work, and enables budget and time control.

Credible estimates, preceded by a detailed analysis carried out by an IT analyst, eliminate the risk of exceeding the project deadlines.

When signing the contract, it is worth paying attention to whether the service provider bears the risk resulting from improper estimation of the work – it should be on their side, because they are responsible for this task.


In order to ensure full protection of data confidentiality, the contract should contain a provision on the obligation to maintain professional secrecy and not to disseminate the received and processed data. It is important that this obligation is not time-limited and does not expire at the end of the contract.

A contractual penalty allows for complete certainty of data confidentiality. However, in order to avoid any misunderstandings, the procedures for the exchange of confidential information and the means of communication should be clearly defined.