Get FREE 12-month access to the AI-Powered Knowledge Base worth $450
with your ISO 27001 toolkit purchase
Limited-time offer – ends June 27, 2024

ITIL Supplier management – the third party you depend on

According to my personal experience, anything that touches any part of IT infrastructure, or is even placed in close proximity to IT infrastructure, becomes the responsibility of IT. That last part is a joke, of course, but how do you handle equipment, such as tracking of working hours, that is used by the whole company, ordered by HR, provided by a third party and uses IT network service for its operation? When support is needed, HR will first turn to local IT, then to the vendor, and then that well-known Ping-Pong game of responsibility begins: the vendor will claim it’s a network problem, IT will claim that the problem is within the device, or whatever application HR is using, and HR will be left with no choice but to escalate the issue…

For an IT department, one course of action in this case would be simply to include the working hours tracking system in the Service Catalogue, provide it as a service, treat the third-party as a supplier, and request within the organization that in the future, any similar request should be handled through the Change Management process.

Establishing new suppliers within the Supplier Management process

When establishing new suppliers, it represents a new change, and any impact and/or risk associated should be addressed properly, for which the Change Management process is responsible. On the other hand, the scope of the Supplier Management process should include management of all suppliers and contracts that are needed to support parts of the business supporting service or service as the whole. The greater the contribution that a supplier makes to the business value, the more effort should be put into management of the supplier and vice versa. The same principle can be applied to any part of the Service Portfolio that is provided externally – e.g., printing service, Internet Service Provider, etc. This will give you more control over the service performance itself, and enable you to effectively manage the service the same way you’d manage any other provided internally.

Supplier Management process objectives are to: a) obtain value-for-money from supplier and contracts, b) ensure all underpinning contracts and agreements are aligned with business needs (and supported by proper targets in the SLA), c) manage good relationships with suppliers, d) manage supplier performance, e) negotiate and agree on contracts, and f) maintain supplier policy and support the Supplier and Contract Database (SCD).

Each new supplier should be categorized according to the value it brings to the service provided, and the risk that the service in question poses to the business in case of underperformance. As mentioned before, the greater the value (or risk) associated with the supplier, the more time should be dedicated into supplier management.

Supplier categorizationFigure 1 – Supplier categorization

Challenges, Critical success factors, and risks associated with Supplier Management

There are many challenges facing Supplier Management, and some of them have been already mentioned within this article, with many more: 1) working under imposed contract with non-ideal conditions caused by poorly negotiated supplier performance targets, or terms and conditions, 2) interference caused by either party – by running into the other’s party operation, 4) dispute over charges, 5) lack of communication, 6) legacy issues, 7) being tied into long-term contracts with severe penalty charges for early exit, 8) one party using the contract to achieve a win-lose scenario instead of targeting a win-win situation, 9) clearly defined and communicated roles on both sides, 10) and many others. Selecting suppliers with ISO 9001, ISO/IEC 20000 or similar certificate should ease some of the challenges and reduce risks.

When talking about critical success factors, I’d say that the most important one is that the business is protected from poor supplier performance or disruption of service availability. Of course, supporting services and their targets must be aligned with business needs, and clear ownership must be defined and communicated between all parties, as well as potential contractual issues.

For the Supplier Management process, key risks associated can be broken down as: 1) lack of commitment from the business and senior management to the Supplier Management process and procedures, 2) lack of resources and budget for a quality, established Supplier Management process, 3) legacy of badly agreed-upon contracts, 4) suppliers agreeing to impossible targets, 5) suppliers culture being vastly different from your own, 6) suppliers being taken over and personnel changing, 7) excessive bureaucratic contract procedures (on any side), and 8) poor financial process (procurement and purchasing) without Supplier Management process support.

Supplier Management – final words

Supplier Management is an important process within the ITIL Service Lifecycle, as disregarding the IT organization’s size, there is little chance that the organization itself will be able to provide all of the services and their parts on its own. Offloading and depending on someone outside the organization is always a risk, and such process involves many aspects that have to be taken into consideration – business perspective, legal, finance, and IT – before a third party should be entrusted with the contract. Supplier Management depends on support from many parts within the organization, and with their support (or lack thereof), selecting and managing quality suppliers can become either a success story or a bureaucratic nightmare.

To see an example of how to set up a Supplier Management process, download a free preview of the Supplier Management Process template.