Branimir Valentic
February 7, 2017
Most of the clients I work with are focused on their customers and the services they deliver to them. Accordingly, I always receive a bunch of questions related to the Service Level Agreement (SLA; i.e., the contract an organization has with its customers), which is reasonable. But, what I often witness is that many companies get into trouble with their suppliers because they quite often take them for granted and don’t pay much attention while defining relationships with them.
What does that mean? Well, the fact is that there are situations when your company can’t do everything by itself – you need someone to “jump in.” And, that’s OK. But, to be sure that you are managing third parties, there are a lot of elements that require a serious approach. Both ITIL and ISO 20000 can help you define (and document) your relationships with third parties (or, we usually say – suppliers). There are many common elements, but also some differences between ITIL and ISO 20000.
First of all, you can have the best people managing your IT services throughout their lifecycle (from idea up to operational support in the live environment), including excellent relationships with suppliers, but experience says that sooner or later you will get into a dispute. For example, your understanding of requirements could be different, or the requirements for suppliers are not in line with the company’s responsibilities towards their customers… So, having a written agreement will define the “rules of the game” between you and your suppliers, as well as what to do if someone doesn’t stick to the rules.
Besides the fact that your agreement with a supplier defines your relationship with them, as well as related roles, responsibilities, activities, etc., it is also your basis for further evaluation. For example, if you need a supplier to deliver a certain functionality, check the database with all relevant data about all your suppliers and process the information. It will give you an idea of whom to work with and whom to avoid. Or, talk to colleagues who have experience with a targeted supplier. A prerequisite should be to have a documented agreement and, if possible, feedback or measurements of the supplier’s performance. When I say feedback, I remember a case when quality management inside my company sent a supplier satisfaction survey. Once all the feedback was gathered, we could access the results and gain useful information while evaluating a potential supplier.
ITIL and ISO 20000 have many common requirements (in the case of ISO 20000-1:2011, i.e., Service Management System requirements) and recommendations (in the case of ITIL best practice implementation). Here are few areas covered by both ITIL and ISO 20000, as an example:
Well, when we talk about differences, the biggest one is – naming. ITIL uses “Underpinning Contract” as the document name (for the document that regulates relationships between IT service providers and suppliers), whereas ISO 20000 uses “Contract” (which is, according to its application, named “Supplier Contract”). Additionally, ITIL emphasizes integration of the Supplier Management process (and, consequently, the appropriate contract) with other processes in the scope of ITSM, while ISO 20000 does not. Additionally, ISO 20000 emphasizes the role of sub-suppliers and the IT organization’s obligation to control them.
Let’s see what would be the usual content of the Supplier Agreement. As usual, ISO 20000 sets quite direct requirements about the content of such an agreement (which you need to include if you want to be ISO 20000 certified), while ITIL gives reasoning and details on how to implement it. Besides the ISO 20000 requirements and ITIL recommendations, experience shows that the usual content of the supplier agreement is as follows:
Why bother with all these details, someone could ask? Well, if you have a supplier who is cooperating with you for a longer time, then an agreement may seem obsolete. But, even in that situation, you should have in mind that your company is on the front line towards your customers. If everything is OK with the services you deliver – no one will complain. But, if something goes wrong, your customers will not care whose fault it really is. For them, the answer is clear – it’s yours. And that’s logical because they have the agreement with you.
Whether you can do everything by yourselves, or you need someone else – they don’t care. So, it’s your job and responsibility to protect the services you deliver, and certainly your company’s. An agreement with your suppliers is the right approach. And, sometimes, the only thing you can do.
Click here to see a free preview of an Underpinning Contract template to see what such an agreement looks like.