|1Introduction||2Serv. Mgmt.||3Principles||4Processes||5Tech Activities||6Organization||7Tech Considerations||8Implementation||9Challenges||Appendeces|
|4.1SC Mgmt||4.2SLM||4.3Capacity Mgmt||4.4Availability Mgmt||4.5 Continuity Mgmt||4.6Security Mgmt||4.7Supplier Mgmt|
It is essential that Supplier Management processes and planning are involved in all stages of the Service Lifecycle, from strategy and design, through transition and operation, to improvement. The complex business demands require the complete breadth of skills and capability to support provision of a comprehensive set of IT services to a business, therefore the use of value networks and the suppliers and the services they provide are an integral part of any end-to-end solution. Suppliers and the management of suppliers and partners are essential to the provision of quality IT services.
The purpose of the Supplier Management process is to obtain value for money from suppliers and to ensure that suppliers perform to the targets contained within their contracts and agreements, while conforming to all of the terms and conditions.
The main objectives of the Supplier Management process are to:
|Figure 4.29 Supplier Management - roles and interfaces|
The Supplier Management process should include:
IT Supplier Management often has to comply with organizational or corporate standards, guidelines and requirements, particularly those of corporate legal, finance and purchasing, as illustrated in Figure 4.29. In order to ensure that suppliers provide value for money and meet their service targets, the relationship between each supplier should be owned by an individual within the service provider organization. However, a single individual may own the relationship for one or many suppliers, as illustrated in Figure 4.29. To ensure that relationships are developed in a consistent manner and that suppliers' performance is appropriately reviewed and managed, roles need to be established for a Supplier Management process owner and a Contracts Manager. In smaller organizations, these separate roles may be combined into a single responsibility.
Ideally the SCD should form an integrated element of a comprehensive CMS or SKMS, recording all supplier and contract details, together with details of the type of service(s) or product(s) provided by each supplier, and all other information and relationships with other associated CIs. The services provided by suppliers will also form a key part of the Service Portfolio and the Service Catalogue. The relationship between the supporting services and the IT and business services they support are key to providing quality IT services.
|Figure 4.30 Supplier Management process|
This information within the SCD will provide a complete set of reference information for all Supplier Management procedures and activities:
The first two elements within the above list are covered within the Service Design stage. The third element is part of Service Transition, and the last two are part of the Service Operation stage and are covered in more detail in those publications.
When dealing with external suppliers, it is strongly recommended that a formal contract with clearly defined agreed and documented responsibilities and targets is established and managed through the stages of its lifecycle, from the identification of the business need to the operation and cessation of the contract:
The business, IT, finance, purchasing and procurement need to work together to ensure that all stages of the contract lifecycle are managed effectively. All areas need to be jointly involved in selecting the solution and managing the ongoing performance of the supplier, with each area taking responsibility for the interests of their own area, whilst being aware of the implications on the organization as a whole. The processes involved in the stages of the contract lifecycle are explained in detail in the following sections.
When selecting a new supplier or contract, a number of factors need to be taken into consideration, including track record, capability, references, credit rating and size relative to the business being placed. In addition, depending on the type of supplier relationship, there may be personnel issues that need to be considered. Each organization should have processes and procedures for establishing new suppliers and contracts.
While it is recognized that factors may exist that influence the decision on type of relationship or choice of supplier (e.g. politics within the organization, existing relationships), it is essential that in such cases the reasoning is identified and the impact fully assessed to ensure costly mistakes are avoided.
Services may be sourced from a single supplier or multi-sourced. Services are most likely to be sourced from two or more competing suppliers where the requirement is for standard services or products that are readily available 'off-the-shelf. Multi-sourcing is most likely to be used where cost is the prime determinant, and requirements for developing variants of the services are low, but may also be undertaken to spread risk. Suppliers on a multi-source list may be designated with 'Preferred Supplier' status within the organization, limiting or removing scope for use of other suppliers.
Partnering relationships are established at an executive level and are dependent on a willingness to exchange strategic information to align business strategies. Many strategically important supplier relationships are now positioned as partnering relationships. This reflects a move away from traditionally hierarchical relationships, where the supplier acts subordinately to the customer organization, to one characterized by:
Both parties derive benefits from partnering. An organization derives progressively more value from a supplier relationship as the supplier's understanding of the organization as a whole increases, from its IT inventory architectures through to its corporate culture, values and business objectives. With time, the supplier is able to respond more quickly and more appropriately to the organization's needs. The supplier benefits from a longerterm commitment from the organization, providing it with greater financial stability, and enabling it to finance longer-term investments, which benefit its customers.
A partnership makes it possible for the parties to align their IT infrastructures. Joint architecture and risk control agreements allow the partners to implement a range of compatible solutions from security, networking, data/information interchange, to workflow and application processing systems. This integration can provide service improvements and lowered costs. Such moves also reduce risks and costs associated with one-off tactical solutions, put in place to bridge a supplier's IT with that of the organization.
The key to a successful partnering relationship is being absolutely clear about the benefits and costs such a relationship will deliver before entering into it. Both parties then know what is expected of them at the outset. The success of the partnership may involve agreeing the transfer of staff to the partner or outsourcing organization as part of the agreement and relationship.
Service provider organizations should have documented and formal processes for evaluating and selecting suppliers based on:
Often other areas of the service provider organization, such as Legal, Finance and Purchasing, will get involved with this aspect of the process. Service provider organizations should have processes covering: Production of business case documents
These processes may, and should be, different, based on the type, size and category of the supplier and the contract.
The nature and extent of an agreement depends on the relationship type and an assessment of the risks involved. A pre-agreement Risk Analysis is a vital stage in establishing any external supplier agreement. For each party, it exposes the risks that need to be addressed and needs to be as comprehensive as practical, covering a wide variety of risks, including financial, business reputation, operational, regulatory and legal.
A comprehensive agreement minimizes the risk of disputes arising from a difference of expectations. A flexible agreement, which adequately caters for its adaptation across the term of the agreement, is maintainable and supports change with a minimum amount of renegotiation.
The contents of a basic underpinning contract or service agreement are as follows:
Service levels must be realistic, measurable and aligned to the organization's business priorities and underpin the agreed targets within SLRs and SLAs.
An extended service agreement may also contain:
The following gives a limited sample of the legal and commercial topics typically covered by a service or contractual agreement:
The final form of an agreement, and some of the terminology, may be dictated by the views and preferences of the procurement and legal departments, or by specialist legal firms.
TipSeek legal advice when formalizing external supply agreements.
Formal contracts are appropriate for external supply arrangements that make a significant contribution to the delivery and development of the business. Contracts provide for binding legal commitments between customer and supplier, and cover the obligations each organization has to the other from the first day of the contract, often extending beyond its termination. A contract is used as the basis for external supplier agreements where an enforceable commitment is required. High-value and/or strategic relationships are underpinned by a formal contract. The formality and binding nature of a contract are not at odds with the culture of a partnering agreement, but rather form the basis on which trust in the relationship may be founded.
A contract is likely to be structured with a main body containing the commercial and legal clauses, and with the elements of a service agreement, as described earlier, attached as schedules. Contracts may also include a number of other related documents as schedules, for example:
Most large organizations have procurement and legal departments specializing in sourcing contracts. Specialist legal firms may be employed to support the internal procurement and legal function when establishing significant formal contracts.
In ITIL an SLA is defined as a 'written agreement between a service provider and the customer(s) that documents agreed service levels for a service'. Service providers should be aware that SLAs are widely used to formalize service-based relationships, both internally and externally, and that while conforming to the definition above, these agreements vary considerably in the detail covered.
Key messageThe views of some organizations, such as the Chartered Institute of Purchase and Supply (CIPS) and various specialist lawyers, are that SLAs ought not to be used to manage external relationships unless they form part of an underlying contract. The Complete Guide to Preparing and Implementing Service Level Agreements (2001) emphasizes that a stand-alone SLA may not be legally enforceable but instead 'represents the goodwill and faith of the parties signing it'. Therefore it is in service providers' and suppliers' interests to ensure that SLAs are incorporated into an appropriate contractual framework that meets the ITIL objective that SLAs are binding agreements.
SLAs, underpinning agreements and contracts should be reviewed on a regular basis to ensure performance conforms to the service levels that have been agreed.
The organization is likely to be dependent on its own internal support groups to some extent. To be able to achieve SLA targets, it is advisable to have formal arrangements in place with these groups. Operational Level Agreements (OLAs) ensure that underpinning services support the business/IT SLA targets. OLAs focus on the operational requirements that the services need to meet. This is a non-contractual, service-oriented document describing services and service standards, with responsibilities and obligations where appropriate.
Just as with SLAs, it is important that OLAs are monitored to highlight potential problems. The Service Level Manager has the overall responsibility to review performance against targets so that action can be taken to remedy, and prevent future recurrence of, any OLA breaches. Depending on the size of the organization and variety of services, e.g. SLAs and OLAs, a Service Level Manager should take responsibility for their service or set of services.
|Figure 4.31 Supplier categorization|
The amount of time and effort spent managing the supplier and the relationship can then be appropriate to its categorization:
Strategically important supplier relationships are given the greatest focus. It is in these cases that Supplier Managers have to ensure that the culture of the service provider organization is extended into the supplier domain so that the relationship works beyond the initial contract. The rise in popularity of external sourcing, and the increase in the scope and complexity of some sourcing arrangements, has resulted in a diversification of types of supplier relationship. At a strategic level, it is important to understand the options that are available so that the most suitable type of supplier relationship can be established to gain maximum business benefit and evolves in line with business needs.
TipTo successfully select the most appropriate type of supplier relationship, there needs to be a clear understanding of the business objectives that are to be achieved.
A number of factors, from the nature of the service to the overall cost, determine the importance of a supplier from a business perspective. As shown later, the greater the business significance of a supplier relationship, the more the business needs to be involved in the management and development of a relationship. A formal categorization approach can help to establish this importance.
The business value, measured as the contribution made to the business value chain, provides a more business-aligned assessment than pure contract price. Also, the more standard the services being procured, the lower the dependence the organization has on the supplier, and the more readily the supplier could be replaced (if necessary). Standardized services support the business through minimal time to market when deploying new or changed business services, and in pursuing cost-reduction strategies. More information on this subject can be found in the Service Strategy publication.
The more customized those services are, the greater the difficulty in moving to an alternative supplier. Customization may benefit the business, contributing to competitive advantage through differentiated service, or may be the result of operational evolution.
Tailored services increase the dependence on the supplier, increase risk and can result in increased cost. From a supplier perspective, tailored services may decrease their ability to achieve economies of scale through common operations, resulting in narrowed margins, and reduced capital available for future investment. Standard products and services are the preferred approach unless a clear business advantage exists, in which case a strategic supplier delivers the tailored service.
TipHigh-value or high-dependence relationships involve greater risks for the organization. These relationships need comprehensive contracts and active relationship management.
Having established the type of supplier, the relationship then needs to be formalized. In the discussion below, the term 'agreement' is used generically to refer to any formalization of a relationship between customer and supplier organizations, and may range from the informal to comprehensive legally binding contracts. Simple, low-value relationships may be covered by a supplier's standard terms and conditions, and be managed wholly by IT. A relationship of strategic importance to the business, on the other hand, requires a comprehensive contract that ensures that the supplier supports evolving business needs throughout the life of the contract. A contract needs to be managed and developed in conjunction with procurement and legal departments and business stakeholders.
TipsThe agreement is the foundation for the relationship. The more suitable and complete the agreement, the more likely it is that the relationship will deliver business benefit to both parties.
The quality of the relationship between the service provider and their supplier(s) is often dependent on the individuals involved from both sides. It is therefore vital that individuals with the right attributes, skills, competencies and personalities are selected to be involved in these relationships.
A business service may depend on a number of internal and/or external suppliers for its delivery. These may include a mixture of strategic suppliers and commodity suppliers. Some suppliers supply directly to the organization; others are indirect or sub-contracted suppliers working via another supplier. Direct suppliers are directly managed by the service provider; indirect or sub-contracted suppliers are managed by the leading supplier. Any one supplier may provide products or services used to support a number of different business services.
Supply chain analysis shows the mapping between business services and supplier services. Analysis of business processes will reveal the suppliers involved in each process and the points of hand-off between them. Management of the supply chain ensures that functional boundaries and performance requirements are clearly established for each supplier to ensure that overall business service levels are achieved. Business services are most likely to meet their targets consistently where there are a small number of suppliers in the supply chain, and where the interfaces between the suppliers in the chain are limited, simple and well-defined.
Reducing the number of direct suppliers reduces the number of relationships that need to be managed, the number of peer-to-peer supplier issues that need to be resolved, and reduces the complexity of the Supplier Management activities. Some organizations may successfully reduce or collapse the whole supply chain around a single service provider, often referred to as a 'prime' supplier. Facilities management is often outsourced to a single specialist partner or supplier, who may in turn subcontract restaurant services, vending machine maintenance and cleaning.
Outsourcing entire business services to a single 'prime supplier' may run additional risks. For these reasons, organizations need to consider carefully their supply chain strategies ahead of major outsourcing activity. The scope of outsourced services needs to be considered to reduce the number of suppliers, whilst ensuring that risk is managed and it fits with typical competencies in the supply market.
The SCD is a database containing details of the organization's suppliers, together with details of the products and services that they provide to the business (e.g. e-mail service, PC supply and installation, Service Desk), together with details of the contracts. The SCD contains supplier details, a summary of each product/service (including support arrangements), information on the ordering process and, where applicable, contract details. Ideally the SCD should be contained within the overall CMS.
SCDs are beneficial because they can be used to promote preferred suppliers and to prevent purchasing of unapproved or incompatible items. By coordinating and controlling the buying activity, the organization is more likely to be able to negotiate preferential rates.
Risk management, working with suppliers, centres on assessing vulnerabilities in each supplier arrangement or contract that pose threats to any aspect of the business, including business impact, probability, customer satisfaction, brand image, market share, profitability, share price or regulatory impacts or penalties (in some industries).
The nature of the relationship affects the degree of risk to the business. Risks associated with an outsourced or strategic supplier are likely to be greater in number, and more complex to manage, than with internal supply. It is rarely possible to 'outsource' risk, although sometimes some of the risk may be transferred to the outsourcing organization. Blaming a supplier does not impress customers or internal users affected by a security incident or a lengthy system failure. New risks arising from the relationship need to be identified and managed, with communication and escalation as appropriate.
A substantial risk assessment should have been undertaken pre-contract, but this needs to be maintained in the light of changing business needs, changes to the contract scope, or changes in the operational environment. The service provider organization and the supplier must consider the threats posed by the relationship to their own assets, and have their own risk profile. Each must identify their respective risk owners. In a well functioning relationship, it is possible for much or all of the assessment to be openly shared with the other party. By involving supplier experts in risk assessments, especially in Operational Risk Assessments (ORAs), the organization may gain valuable insights into how best to mitigate risks, as well as improving the coverage of the assessment.
When evaluating risks of disruption to business services or functions, the business may have different priorities for service/function restoration. Business Impact Analysis (BIA) is a method used to assess the impacts on different areas of the business, resulting from a loss of service. Risk assessment and BIA activities relating to suppliers and contracts should be performed in close conjunction with Service Continuity Management, Availability Management and Information Security Management, with a view to reducing the impact and probability of service failure as a result of supplier or supplier service failure.
Once these activities have been completed and the supplier and contract information has been input into the SCD, including the nominated individuals responsible for managing the new supplier and/or contracts, frequency of service/supplier review meetings and contractual review meetings needs to be established, with appropriate break points, automated thresholds and warnings in place. The introduction of new suppliers and contracts should be handled as major changes through transition and into operation. This will ensure that appropriate contacts and communication points are established.
There may be a conflict of interest between the service provider organization and their supplier, especially with regard to the Change Management, Incident Management Problem Management and Configuration Management processes. The supplier may want to use their processes and systems, whereas the service provider organization will want to use their own processes and systems. If this is the case, clear responsibilities and interfaces will need to be defined and agreed.
These and many other areas need to be addressed to ensure smooth and effective working at an operational level. To do so, all touch points and contacts need to be identified and procedures put in place so that everyone understands their roles and responsibilities. This should include identification of the single, nominated individual responsible for ownership of each supplier and contract. However, an organization should take care not to automatically impose its own processes, but to take the opportunity to learn from its suppliers.
ExampleA contract had been awarded for a customized Stores Control System for which the organization's IT department had developed processes to support the live service once it was installed. This included procedures for recording and documenting work done on the service by field engineers (e.g. changes, repairs, enhancement and reconfigurations). At a project progress meeting, the supplier confirmed that they had looked at the procedures and could follow them if required. However, having been in this situation many times before, they had already developed a set of procedures to deal with such events. These procedures were considerably more elegant, effective and easier to follow than those developed and proposed by the organization.
In addition to process interfaces, it is essential to identify how issues are handled at an operational level. By having clearly defined and communicated escalation routes, issues are likely to be identified and resolved earlier, minimizing the impact. Both the organization and the supplier benefit from the early capture and resolution of issues.
Both sides should strive to establish good communication links. The supplier learns more about the organization's business, its requirements and its plans, helping the supplier to understand and meet the organization's needs. In turn, the organization benefits from a more responsive supplier who is aware of the business drivers and any issues, and is therefore more able to provide appropriate solutions. Close day-to-day links can help each party to be aware of the other's culture and ways of working, resulting in fewer misunderstandings and leading to a more successful and long-lasting relationship.
Two levels of formal review need to take place throughout the contract lifecycle to minimize risk and ensure the business realizes maximum benefit from the contract:
Major service improvement initiatives and actions are controlled through SIPS with each supplier, including any actions for dealing with any failures or weaknesses. Progress of existing SIPS, or the need for a new initiative, is reviewed at service review meetings. Proactive or forward-thinking organizations not only use SIPS to deal with failures but also to improve a consistently achieved service. It is important that a contract provides suitable incentives to both parties to invest in service improvement. These aspects are covered in more detail in the Continual Service Improvement publication.
The governance mechanisms for suppliers and contracts are drawn from the needs of appropriate stakeholders at different levels within each organization, and are structured so that the organization's representatives face-off to their counterparts in the supplier's organization. Defining the responsibilities for each representative, meeting forums and processes ensure that each person is involved at the right time in influencing or directing the right activities.
The scale and importance of the service and/or supplier influence the governance arrangements needed. The more significant the dependency, the greater the commitment and effort involved in managing the relationship. The effort needed on the service provider side to govern an outsourcing contract should not be underestimated, especially in closely regulated industries, such as the finance and pharmaceutical sectors.
A key objective for Supplier Management is to ensure that the value of a supplier to the organization is fully realized. Value is realized through all aspects of the relationship, from operational performance assurance, responsiveness to change requests and demand fluctuations, through to contribution of knowledge and experience to the organization's capability. The service provider must also ensure that the supplier's priorities match the business's priorities. The supplier must understand which of its service levels are most significant to the business.
ExampleA large multi-national company had software agreements in place with the same supplier in no less than 24 countries. By arranging a single global licensing deal with the supplier, the company made annual savings of $5,000,000.
To ensure that all activities and contacts for a supplier are consistent and coordinated, each supplier relationship should have a single nominated individual accountable for all aspects of the relationship.
ExampleA nationwide retail organization had an overall individual owning the management of their major network services supplier. However, services, contracts and billing were managed by several individuals spread throughout the organization. The individual owner put forward a business case for single ownership of the supplier and all the various contracts, together with consolidation of all the individual invoices into a single quarterly bill. The estimated cost savings to the organization were in excess of £600,000 per annum.
Satisfaction surveys also play an important role in revealing how well supplier service levels are aligned to business needs. A survey may reveal instances where there is dissatisfaction with the service, yet the supplier is apparently performing well against its targets (and vice versa). This may happen where service levels are inappropriately defined and should result in a review of the contracts, agreements and targets. Some service providers publish supplier league tables based on their survey results, stimulating competition between suppliers.
For those significant supplier relationships in which the business has a direct interest, both the business (in conjunction with the procurement department) and IT will have established their objectives for the relationship, and defined the benefits they expect to realize. This forms a major part of the business case for entering into the relationship.
These benefits must be linked and complementary, and must be measured and managed. Where the business is seeking improvements in customer service, IT supplier relationships contributing to those customer services must be able to demonstrate improved service in their own domain, and how much this has contributed to improved customer service.
.For benefits assessments to remain valid during the life of the contract, changes in circumstances that have occurred since the original benefits case was prepared must be taken into account. A supplier may have been selected on its ability to deliver a 5% saving of annual operational cost compared with other options, but after two years has delivered no savings. However, where this is due to changes to contract, or general industry costs that would have also affected the other options, it is likely that a relative cost saving is still being realized. A maintained benefits case shows that saving.
Benefits assessments often receive lower priority than cost saving initiatives, and are given less priority in performance reports than issues and problem summaries, but it is important to the long-term relationship that achievements are recognized. A benefits report must make objective assessments against the original objectives, but may also include morale-boosting anecdotal evidence of achievements and added value.
TipIt is important for both organizations, and for the longevity of the relationship, that the benefits being derived from the relationship are regularly reviewed and reported.
An assessment of the success of a supplier relationship, from a business perspective, is likely to be substantially based on financial performance. Even where a service is performing well, it may not be meeting one or both parties' financial targets. It is important that both parties continue to benefit financially from the relationship. A contract that squeezes the margins of a supplier too tightly may lead to under-investment by the supplier, resulting in a gradual degradation of service, or even threaten the viability of supplier. In either case this may result in adverse business impacts to the organization.
The key to the successful long-term Financial Management of the contract is a joint effort directed towards maintaining the financial equilibrium, rather than a confrontational relationship delivering short-term benefits to only one party.
Building relationships takes time and effort. As a result, the organization may only be able to build long-term relationships with a few key suppliers. The experience, culture and commitment of those involved in running a supplier relationship are at least as important as having a good contract and governance regime. The right people with the right attitudes in the relationship team can make a poor contract work, but a good contract does not ensure that a poor relationship team delivers.
A considerable amount of time and money is normally invested in negotiating major supplier deals, with more again at risk for both parties if the relationship is not successful. Both organizations must ensure that they invest suitably in the human resources allocated to managing the relationship. The personality, behaviours and culture of the relationship representatives all influence the relationship. For a partnering relationship, all those involved need to be able to respect and work closely and productively with their opposite numbers.
For high-value, lengthy or complex supply arrangements, the period of contract negotiation and agreement can be lengthy, costly and may involve a protracted period of negotiation. It can be a natural inclination to wish to avoid further changes to a contract for as long as possible. However, for the business to derive full value from the supplier relationship, the contract must be able to be regularly and quickly amended to allow the business to benefit from service developments.
Benchmarking provides an assessment against the marketplace. The supplier may be committed by the contract to maintaining charges against a market rate. To maintain the same margin, the supplier is obliged to improve its operational efficiency in line with its competitors. Collectively, these methods help provide an assessment of an improving or deteriorating efficiency.
The point of responsibility within the organization for deciding to change a supplier relationship is likely to depend on the type of relationship. The service provider .may have identified a need to change supplier, based on the existing supplier's performance, but for a contractual relationship the decision needs to be taken in conjunction with the organization's procurement and legal departments.
The organization should take careful steps to:
A prudent organization undertakes most of these steps at the time the original contract is established, to ensure the right provisions and clauses are included, but this review activity needs to be reassessed when a change of supplier is being considered.
The key interfaces that Supplier Management has with other processes are:
Key elements that can help to avoid the above issues are:
The main CSFs for the Supplier Management process are
The major areas of risk associated with Supplier Management include: