Vendor Management 101
Steven C. Markey, MSIS, PMP, CISSP, CIPP, CISM, CISA, STS-EV, CCSK
Principal, nControl, LLC
Adjunct Professor
• Presentation Overview
– Vendor Management Overview
• General
• Processes
• Financials
• Tools
• Service-Level Agreements (SLAs)
• Security & Privacy Due Diligence
• Business Continuity / Disaster Recovery
• Project-based Work Versus Staff Augmentation
– Case Studies
• SEPTA VVS
Vendor Management
• What is Vendor Management?
– Process of managing outside firms that provide
goods or services.
• A process not a procurement task.
Vendor Management
• Who Performs Vendor Management?
– Dedicated Function
• Procurement
– Shared Function
• Legal
• Project Management
• Business
• IT Security
Vendor Management
• Vendor Management Realities
– Not All Vendors Are the Same
• Cloud
• Business Process Outsourcing (BPO)
• Outside Counsel
• Staff Augmentation
– Mirrored Staff Can Really Help
• Client Project Manager = Vendor Project Manager
– Process Can Be Painful
• Divorces Usually Are!
– You Need a Written Contract Agreement
• Things Go Wrong
Vendor Management
• Vendor Management Processes
– Onboarding
• Business Case
• Project Management
– Annual Re-evaluation
• Syncs to Onboarding
– Off-boarding “the Break-up”
• Documenting Reasons Why
• Cleanup
– Badges & Physical Access
– Orphaned System Accounts & Data
Vendor Management
• Onboarding
– Business Case
• Feasibility
• Risk Assessment
• Financial Analysis
– Project Management
• Project Portfolio Mgmt (PPM), Project Mgmt Office (PMO)
• System Development Lifecycle (SDLC)
• Funding Gates: Pilot, Proof of Concept (POC)
• Procurement: Request for Proposal (RFP), Request for Info (RFI)
• Change Management: Requests, Scope, Budget, Schedule
Vendor Management
Vendor Management
Source: Safari Books
Vendor Management
Source: NYSE Euronext
Vendor Management
Source: NYSE Euronext
Source: PMI
• RFP/RFI
– RFP
• More Prevalent
• Drive Structure of Submission
• Incumbent/Separate Vendor Can Develop Materials
– RFI
• Less Prevalent
• More Iterative – Fleshes Details Out
• Usually Feeds Into RFP Process
Vendor Management
Vendor Management
• Annual Re-evaluation
– Feed Subsequent Business Cases
• Market Assessment
– Pricing Points
– Low-Cost Leader
– Time to Market
• Metrics
– Aligned with SLA
• 360° Feedback
– Lessons Learned
» Internal & External Processes
• Determine Need for Process Improvement
– RFP / RFI
– Vendor Questionnaire
Vendor Management
• Off-boarding “the Break-up”
– Documenting the Reasons Why
– Cleanup
• Badges & Physical Access
• Orphaned System Accounts & Data
Vendor Management
• Financials
– Total Cost of Ownership, TCO
• IT = ~60% Maintenance
– Return on Investment, ROI
• Internal Mandate
– Cost-Benefit Analysis, CBA
• Payback Period
– Opportunity Cost
• Expense of Choosing One Option versus Another
– Sunk Cost
• Outsourcing Does Not Yield Benefits
– Capital versus Operating (Budgets, Expenses)
Vendor Management
• Tools
– Software
• Web Services
– Custom Software Traversing Different Networks
• Vendor Management System (VMS)
– Enterprise Resource Planning (ERP) Module
» SAP Ariba eBuyer
• Change Management
• Project Management
• Business Activity Monitoring (BAM)
– Call Center Metrics
– Artifacts
• Microsoft Office® Documents
• Adobe PDF®
Vendor Management
• Tools
– Research
• Google
• Company Literature (White Papers, Presentations)
• Advisory Firms (Gartner, IDC, etc.)
Vendor Management
Vendor Management
• SLA Overview
– What is an SLA?
– SLA Best Practices
– SLA Lifecycle
– Realistic Expectations with SLAs
Vendor Management
• What is an SLA?
– Temporal Service Contract
– Un-negotiated / Negotiated Bilateral Agreement
–Dictates Service Provisions / Expectations / Metrics
–Dictates Exit / Divorce Clause(s)
–Dictates Refunds, Credits & Surcharges
–Dictates Extenuating Circumstances (Force Majeure)
– Not An End User License Agreement (EULA)
– Not An Operational-Level Agreement (OLA)
Vendor Management
• What is an SLA?
– Specific Sections
–Term
–Metrics
–Definitions (Outage, Interruption or Failure)
–Change Management for SLA
–Cause for:
–Termination
–Refund
–Surcharge
–Credit
Vendor Management
• What is an SLA?
– Specific Sections
–Cause for:
–Credit
–Threshold: Outage lasts for x hours / minutes.
–Pro-Rated: Rolling credits for downtime.
–Percentage: $ per x hours / minutes.
Vendor Management
• What is an SLA?
– Examples of Metrics
–Mean Time To Repair / Recovery (MTTR)
–Mean Time Between Failures (MTBF)
–Time To Market (TTM) / Time to Implement (TTI)
–Backlog Size
–Rework Levels
–Service Uptime / Availability
–Data Throughput
–Service Satisfaction
–Quality of Service (QoS)
Vendor Management
• SLA Best Practices
– Use it for Vendor Selection
– Adhere to it Internally
– Leverage Change Management
– Ensure the Metrics & Definitions Are Understood
–Have an Attorney Interpret the Language / Verbiage
– Get References / Do Research
– Educate, Inform & Make Aware
– Retain All Contract Documents
Source: IBM
Vendor Management
• Realistic Expectations with SLAs
– Size Matters
– Reputation Matters
– Necessary Evil
– Vested Interest for Vendor
– Outages Happen
–Risk Mitigation Versus Risk Removal
– Everybody Loses Something In Litigation
– Most Cloud Providers' SLAs Are Not Negotiable
–Amazon, Microsoft, etc.
–Smaller Providers Cater to Custom Needs
Vendor Management
• Security & Privacy Due Diligence
– Existing Certifications / Attestations
• SAS 70 Type II / SSAE 16 SOC I-II-III / ISAE 3402
• ISO 27001 / 2
• ISO 27036
• BITS Shared Assessments
• PCI DSS
• HIPAA / HITECH
• COPPA
• US Safe Harbor
– Others
• Generally Accepted Recordkeeping Principles, GARP®
• ISO 9000 / 15489
• Capability Maturity Model Integration, CMMI
• Better Business Bureau, BBB
Vendor Management
• Security & Privacy Due Diligence
– Create Your Own Checklist
–“Have you been breached?”
–“Do you have an Information Security Officer?”
– Have an Approved Third Party Assess Them
– Place the Sales / Account Person on the Hook
–Vested Interest with Commission
Vendor Management
• Business Continuity Planning / Disaster Recovery
– SLA Should Drive Your
–Recovery Time Objective (RTO)
–Recovery Point Objective (RPO)
– Plans in Place?
–Add to Vendor Questionnaire
– Annual Testing
–Add to Questionnaire
–Do They Include Their Vendors?
Vendor Management
• Project-based Work Versus Staff Augmentation
– Projects
–Clearly Defined Scope
–Firm Fixed Price
–Resource Neutral
– Staff Augmentation
–Ambiguous Scope
–Hourly
–Resource Specific
– Hybrids
–Best of Both Worlds
• Case Study: SEPTA VVS
– Background
– Drivers
– Technologies
– Limitations
– Risks
– Lessons Learned
– Next Steps
Vendor Management
• Case Study: SEPTA VVS
– Background
–Southeastern PA Transit Authority
–Vehicle Video Surveillance System
–2000+ Vehicles & Train Cars
–Phased Project
– Drivers
–Hundreds of Fraudulent Injury Claims Annually
–Employee Behavior
Vendor Management
• Case Study: SEPTA VVS
– Technologies
–GE Security MobileView
–NetApp Storage Area Network (SAN)
– Limitations
–Daily MobileView Storage Capacity
–Aggregate Online Storage
Vendor Management
• Case Study: SEPTA VVS
– Risks
–Privacy Laws
–Retention Requirements
–Security Regulations
– Lessons Learned
–Understand Strategic Direction of Vendor
–Understand Ecosystem
–Subcontractors
Vendor Management
Vendor Management
• Presentation Takeaways
– Vendor Management = Iterative Process
–Improve Over Time
– Strategy & Due Diligence Are VERY Important
–Must Consider the Business Ecosystem
Vendor Management
• References
• http://my.safaribooksonline.com/book/software-engineering-and-development/project-management/0789731975/managing-vendors/ch21lev1sec5
• Questions?
• Contact
– Email: steve@ncontrol-llc.com
– Twitter: @markes1
– LI: http://www.linkedin.com/in/smarkey
