Branimir Valentic
March 17, 2015
Sometimes, you can’t do everything alone. As this is valid in life, generally, so it’s valid in managing IT services. There are some parts of the service where you need someone to help you with implementation or operation – be it because you need someone’s expertise, or because someone delivers equipment (e.g., hardware or software) to you. Usually, that’s another organization – a supplier. Supplier Management is a process in the scope of ISO 20000, which manages suppliers and ensures that you receive quality services.
Before we begin, let me remind you to read our article that describes Supplier Management according to ITIL – ITIL Supplier management – the third party you depend on.
What we very often do is focus on the customer, and our delivery to them. And the other side, meaning suppliers, remains “forgotten.” What I want to say is that quite often there is no single responsible person for every supplier, suppliers are not measured, there are no reports, detailed relationship matrix or even requirements that must be fulfilled, etc. And that’s wrong.
On the other side, ISO 20000 can be seen as a “tool” that IT organizations use to manage services they deliver. Or, to be more precise, ISO 20000 is a Service Management System (SMS) standard. When talking about SMS, “manage” means – plan, establish, implement, operate, monitor, review, maintain, and improve. It sound like there is not much left outside its control.
Supplier Management is in the scope of ISO 20000 and is, therefore, one of the managed processes. ISO 20000 emphasizes many parameters that must be taken into consideration regarding suppliers and the scope of Supplier Management.
Figure: There are many relationships between you, customers, suppliers, and their sub-contacted suppliers.
Why? Because you are responsible to your customers. Guess whom they are going to ask if there is something wrong with a part of the service operated by one of your suppliers? You, their service provider. Therefore, you have strong motivation (and obligation, according to ISO 20000) to keep suppliers under control.
It’s crucial that you perform activities in the proper order. What I mean is that you have to have your Service Level Agreement (SLA) parameters and be familiar with them. Once you have them – then you know what to require from suppliers. When you negotiate with suppliers, you should try to agree on stronger criteria than you have in your SLA. For example, if you agreed in the SLA that incidents of priority level 2 will be resolved within 4 hours, and you require support from your supplier in certain areas – you should negotiate within 3 or 3.5 hours for the same priority. In that way you will leave some time for escalation if they are not timely.
Although one of the requirements says that you have to have a (documented) dispute procedure with your suppliers, you should do all that is possible to avoid that procedure. And, all other requirements are there so that you and your supplier don’t end up in dispute. Make the requirements clear to everyone, implement them with care, and manage the process all the time – and results will come.
You can also check out this free ISO 20000 Gap Analysis Tool to check whether you are compliant with the Supplier Management process.