Outsourcing information systems on a large scale is a difficult challenge. The public sector has seen some spectacular information systems (IS) outsourcing failures. Public officials have come under fire for sloppy management of IS outsourcing engagements and legislators are demanding higher standards of outsourcing practice and more accountability from public sector managers. This paper analyzes a large outsourcing contract for software maintenance services in Alberta, Canada from a risk perspective. This contract offers insights into how one public organization approaches the risks inherent in the practice of IS outsourcing. We use a risk framework and content analysis to identify which risk management strategies are included in the contract and how they are implemented. Although IS outsourcing risk factors are widely acknowledged in the literature, they may not be fully specified in the outsourcing contracts implemented in some public organizations. Our findings highlight some of the differences in the suggestions made in the academic literature on IS outsourcing and the techniques implemented in an actual outsourcing contract to manage the risks inherent in this growing sector of the international economy. We also find that not all risks need to be addressed in the contract to have a successful outsourcing relationship.