It's tempting to choose an outsourcer with an alluringly low price. But remember: many of the new outsourcers have unproven track records and aren't as stable as the companies that have been around for years rather than months. And picking a loser can have excruciating consequences. Just ask Fred Eisenberg, director of information security for Mount Sinai New York University Health, in New York City.

Two years ago, Eisenberg elected to outsource remote Internet access for the group's 4000 physicians and other personnel. The provider he chose was new to using remote Internet access in the health-care industry but said all the right things about capacity and reliability. Talk turned out to be cheap. The outsourcer, whom Eisenberg declines to name, stumbled badly in its performance. The service was frequently down, and the doctors - who had never had remote Internet access before - became frustrated with the long connection times. Not surprisingly, new subscribers to the service stalled at 420 out of a target audience of 4000. When the provider abruptly decided to leave the business, Eisenberg had just 11 weeks to find a new provider.

The biggest mistake they made, Eisenberg says, was initially going with a provider that did not have an established track record in his industry. "[Next] time around, we knew to look for a company that had some history in the field," he says. After an introduction via another business partner, Mount Sinai settled on Aventail of Seattle.

The take-away message from these tales of woe: when it comes to outsourcing new technology, proceed with caution. You may think the outsourcers have all the answers, but too often they don't. You'll need to weigh for yourself the risks of outsourcing a new technology versus holding off on implementing that technology. But when outsourcing is your only choice, avoiding those common mistakes will save you from a painful learning cycle.

Parties to an outsourcing agreement often fail to set the parameters for measuring performance simply because it's a difficult and time-consuming task. The results can be disastrous, says Alison Smith, vice president of infrastructure at the now-defunct dotcom Myspace (previously known as FreeDiskSpace.com) in San Francisco. She speaks from bitter experience. Her company formed a relationship with Massachusetts-based NaviSite to manage the day-to-day operations of its Web site.

At first, Smith says, the relationship was practically a love fest. "Everyone was pals and friends and everyone just wanted the relationship to work," she relates. But things grew difficult as Myspace took off. The dotcom started with two servers and 10 megabits of bandwidth but quickly needed eight servers and 100 megabits of bandwidth, and was adding 10 gigabytes to 12 gigabytes of storage per day. NaviSite found it increasingly difficult to handle the growth, and Smith grew dissatisfied with NaviSite's performance.

That's when it became painfully clear to Smith and her colleagues that they had been operating without a contract that spelled out performance measurements. Everyone had been moving so quickly at the beginning of the deal and there was so much goodwill on both sides, it was hard to believe a stodgy legal document would be required. Consequently, when things started to break down, there were no guidelines to help define performance and satisfaction levels.

"The contract is the most important part of the outsourcing relationship," says Smith. "If it's not in the contract, you'll find it hard to do." When she and her cohorts signed with their next outsourcer, which turned out to be California-based Intira, they insisted on an ironclad contract, complete with service level agreements that link financial penalties to subpar performance, and with detailed security and capacity provisions. Smith suggests that customers define acceptable levels of performance in terms of business relevance. For an e-commerce site, for example, a good metric would be the online customer conversion rate - the rate at which online browsers become online buyers.

Surprisingly, contracts are frequently vague about exactly what the outsourcer's responsibility is versus the customer's. Without a patrollable boundary, neither side knows with certainty what it should be doing. The result: each side blames the other when things inevitably don't get done. The big problem seems to occur when businesses think that outsourcing obviates the need for any kind of corporate technology strategy. Blue Cross's Caron discovered that very thing when he walked into the contract from hell.

"People here thought [the outsourcer] was going to do everything, but it could only do so much and had only so many resources," he says. "Without an internal IT strategy to drive it, [the outsourcer] was faced with a no-win situation." Because nobody took charge of strategy, the result was a sluggish operation operated with minimal oversight. The outsourced IT operation was unresponsive to business needs to the point that it eventually threatened the company's ability to compete.

Companies often go into outsourcing expecting to retain control of how the particulars are carried out. Tempting, yes. But it's a big mistake. Forcing the outsourcer to do it your way prevents your hired gun from doing what it does best - leveraging its own experience and hard-earned best practices. "Outsourcing is the transfer of ownership of a process to a supplier," Everet Group's Bendor-Samuel says. "It's different from consulting, where you own the problem but pay people to try to help you fix it."

One company that Bendor-Samuel knows of outsourced management for all of its desktop computers to EDS. Rather than letting EDS own the process, company executives insisted on retaining control of details such as exactly how many people should be on the project and which equipment they should have. "It was a very unhappy situation, because EDS was prevented from using its best practices," and the customer was frustrated by EDS's attempts to take more control of the situation, Bendor-Samuel explains. Both sides ended up wanting out, which was an expensive proposition for the customer.

Traditional outsourcers often try to persuade companies that only a long-duration agreement justifies the high up-front investment needed to provide great service, says Peter Bendor-Samuel, CEO of the Everest Group, a Dallas-based outsourcing consultancy. "The suppliers are always looking for five- and 10-year contracts, but do we have any idea where e-commerce will be in five years' time? How can we contract for it if we have no idea where it's going?" he asks. Don't be swayed, he warns. Because both business and technology change so rapidly, it does not make sense to have an agreement longer than one or two years.

Long-term contracts can also act as a disincentive for good service, because outsourcers may grow complacent without the hovering threat of a cancelled contract. For example, Blue Cross Blue Shield of Massachusetts discovered that a decades-long relationship with Texas-based EDS was a recipe for lost money and internal dissatisfaction. The company had signed its first deal in the 1970s, when it outsourced its mainframes. Throughout the years, the contract grew to encompass the installation, maintenance and support of its desktop PCs. In the end, EDS had 450 IT people working onsite, while Blue Cross had 150.