IT Must Clean Up Its Own Supply Chain
With security attacks up and more reliance on outside vendors, a healthy IT supply chain is a requirement.
At a Glance
- IT supply chain is vast and dynamic, so leaders need to dive in and take charge.
- Taking inventory of systems, vendors and their contracts is crucial to maintain a clean supply chain.
- Fixing an unruly supply chain takes time and resources, but the benefits outweigh the hassle.
The COVID-19 pandemic gave us time to reflect on the importance of food and goods supply chains, but supply chains come in many forms.
IT has a supply chain, too. It is the ecosystem of hardware, software, application and cloud vendors that IT does business with and relies upon. How well is IT managing its own supply chain, and what are the supply chain “holes” that IT should address?
The IT Supply Chain and Vendor Management
The first time I thought about IT vendor management was as a newly minted IT manager.
I had asked about a sales system that we supposedly had. It had never been used and was sitting on a shelf in a back room. Sales didn’t recall it. My IT staff didn’t either. We discovered it during a back room “spring cleaning” exercise that we had initiated to get rid of IT’s debris.
When I looked at the software package we found, it bothered me. Weren’t we, in fact, developing a system that did exactly what this one did? Could we have saved our development group time by just using this package? I shared this story with other CIOs and it resonated. Everyone could recount a similar situation. That was when I started thinking about vendor and IT supply chain management.
What Exactly is IT Supply Chain Management?
The hardware, software, training, networks, tools, consulting, etc., that IT uses are all part of a technology supply chain that IT uses. It is estimated that the average company uses 12 different core systems.
This doesn't account for IT services such as training or consulting It also doesn’t consider key elements such as cloud services, networks, telecommunications, HVAC systems, system utilities and hardware. When you sum these up, the average company has an IT ecosystem that is vast and varied. It’s easy to see how pieces of this ecosystem can get lost, and unused or poorly optimized, even though IT is continually paying license fees for them. This is where budget bleed sets in -- because you’re outputting dollars for products and services, that you’re not fully utilizing.
How can you change this?
Take Stock of Your Supply Chain and Find the Holes
First, take an inventory of every IT service and asset that you’re using. We never would have known about the sales software occupying shelf space in the back room if we hadn’t conducted a full inventory of the IT products and services we had. In the process, we discovered sales software that wasn’t being used at all, and we saw other hardware, software and services that were barely being utilized.
We went through the IT vendor contracts and found that several were missing altogether. In other cases, contracts were signed and in force, but when we looked at the fine print, there were no SLAs and had provisions for contract termination. In some cases, we hadn’t spoken to vendors for years.
To be fair, there were quite a few IT supply chain areas where we were doing just fine, but we wanted to do better. We felt we could improve by identifying supply chain holes and fixing them.
These supply chain holes came in several varieties:
There were IT assets and services that weren’t being actively used, but were still in the budget.
There were some vendor contracts that were missing from our files. In other cases, contracts lacked SLAs or clear termination clauses.
We had instances of vendor lock-in that limited our agility.
In some cases, we weren’t actively communicating with vendors, and we weren’t clear on what the vendors’ future product and service directions were or how they aligned with ours.
We had future IT needs that our current supply chain couldn’t fill.
In some cases, products and services we were using were not achieving the levels of reliability, security or governance that we wanted.
Take Corrective Action
I started this project with the leads for operations, networks, applications and data. Each assigned staff to collect information on IT assets in their areas, and to compile a list of holes. Once we had the total list of our supply chain target areas, we met as a group to develop a strategy.
This is what we came up with:
We wanted to immediately cancel or serve notice on vendor contracts for any IT assets that we weren’t using, or that were barely used. These assets would be moved off the budget as soon as possible. We also assessed why these assets were being underused. Was some other software doing the job? Or had a particular need gone away?
We performed a full supplier contract review. This was more difficult than we thought because some contracts were missing. Swallowing our pride, we contacted vendors for contract copies. In other cases, contracts were located and were carefully reviewed. In one case where a vendor had proven itself to be unreliable, we discovered that the contract was open-ended with no written termination clause. We conferred with an attorney as to how to end the contract. In other cases, the boilerplate contracts of vendors contained no SLA commitments, so we made notes to revisit these contracts with vendors and to add SLAs where needed.
We identified mission-critical vendors, and discovered that in most cases, we hadn’t been meeting regularly with these vendors. We scheduled vendor meetings to review performance and to set SLAs.
Risk management was another supply chain issue that we identified. We explored whether there were major vendors that had us “locked in” to their solution, and where it would be difficult to leave if we had to. Who were these vendors, and did we need to remain locked in? If not, what steps should we take? Were any of our mission-critical suppliers risk points in our supply chain? Were they vulnerable to being acquired, and could this change service levels? Were they able to meet our security and governance standards?
Finally, there was the future of our business and our IT. Did each vendor’s product or service roadmap align well with our strategic direction? Were we regularly communicating with vendors about our future technology needs? Were there vendors that seemed to be falling behind the technology curve?
Staying on Top of the IT Supply Chain
At the end of our supply chain “clean up” exercise, we were pleased that we had gained a good handle on our vendor services and products. This would enable us to operate more efficiently. We were also determined to never fall into this supply chain quagmire again! To avoid that, we created a set of ongoing supply chain management practices designed to maintain our supply chain on a regular basis.
We met regularly with vendors, designed a “no exceptions” contract review as part of every RFP process, and no longer settled for boilerplate vendor contracts that didn’t have expressly stated SLAs.
We also made it a point to attend key vendor conferences and to actively participate in vendor client forums, because we believed it would give us an opportunity to influence vendor product and service directions so they could better align with our own.
End to end, this exercise consumed time, and resources, but it succeeded in capturing our attention. Attention to IT supply chains is even more relevant today as IT increasingly gets outsourced to the cloud, and as new technologies like IT automation software and AI from third parties provide become even more integral, mission-critical elements of IT.
Read more about:
Supply ChainAbout the Author
You May Also Like