In ITIL an SLA is defined as a ‘written agreement between a service provider and the customer(s) that documents agreed service levels for a service’. Service providers should be aware that SLAs are widely used to formalize service-based relationships, both internally and externally, and that while conforming to the definition above, these agreements vary considerably in the detail covered.
The views of some organizations, such as the Chartered Institute of Purchase and Supply (CIPS) and various specialist lawyers, are that SLAs ought not to be used to manage external relationships unless they form part of an underlying contract. The Complete Guide to Preparing and Implementing Service Level Agreements (2001) emphasizes that a stand-alone SLA may not be legally enforceable but instead ‘represents the goodwill and faith of the parties signing it’. Therefore it is in service providers’ and suppliers’ interests to ensure that SLAs are incorporated into an appropriate contractual framework that meets the ITIL objective that SLAs are binding agreements.
SLAs, underpinning agreements and contracts should be reviewed on a regular basis to ensure performance conforms to the service levels that have been agreed.
The organization is likely to be dependent on its own internal support groups to some extent. To be able to achieve SLA targets, it is advisable to have formal arrangements in place with these groups. Operational Level Agreements (OLAs) ensure that underpinning services support the business/IT SLA targets. OLAs focus on the operational requirements that the services need to meet. This is a non-contractual, service-oriented document describing services and service standards, with responsibilities and obligations where appropriate.
Just as with SLAs, it is important that OLAs are monitored to highlight potential problems. The Service Level Manager has the overall responsibility to review performance against targets so that action can be taken to remedy, and prevent future recurrence of, any OLA breaches. Depending on the size of the organization and variety of services, e.g. SLAs and OLAs, a Service Level Manager should take responsibility for their service or set of services.
126.96.36.199 Supplier categorization and maintenance of the Supplier and Contracts Database (SCD)
The Supplier Management process should be adaptive and spend more time and effort managing key suppliers than less important suppliers. This means that some form of categorization process should exist within the Supplier Management process to categorize the supplier and their importance to the service provider and the services provided to the business. Suppliers can be categorized in many ways, but one of the best methods for categorizing suppliers is based on assessing the risk and impact associated with using the supplier, and the value and importance of the supplier and their services to the business, as illustrated in Figure 4.31.
Figure 4.31 Supplier categorization
The amount of time and effort spent managing the supplier and the relationship can then be appropriate to its categorization:
Strategically important supplier relationships are given the greatest focus. It is in these cases that Supplier Managers have to ensure that the culture of the service provider organization is extended into the supplier domain so that the relationship works beyond the initial contract. The rise in popularity of external sourcing, and the increase in the scope and complexity of some sourcing arrangements, has resulted in a diversification of types of supplier relationship. At a strategic level, it is important to understand the options that are available so that the most suitable type of supplier relationship can be established to gain maximum business benefit and evolves in line with business needs.
To successfully select the most appropriate type of supplier relationship, there needs to be a clear understanding of the business objectives that are to be achieved.
A number of factors, from the nature of the service to the overall cost, determine the importance of a supplier from a business perspective. As shown later, the greater the business significance of a supplier relationship, the more the business needs to be involved in the management and development of a relationship. A formal categorization approach can help to establish this importance.
The business value, measured as the contribution made to the business value chain, provides a more business-aligned assessment than pure contract price. Also, the more standard the services being procured, the lower the dependence the organization has on the supplier, and the more readily the supplier could be replaced (if necessary). Standardized services support the business through minimal time to market when deploying new or changed business services, and in pursuing cost-reduction strategies. More information on this subject can be found in the Service Strategy publication.
The more customized those services are, the greater the difficulty in moving to an alternative supplier. Customization may benefit the business, contributing to competitive advantage through differentiated service, or may be the result of operational evolution.
Tailored services increase the dependence on the supplier, increase risk and can result in increased cost. From a supplier perspective, tailored services may decrease their ability to achieve economies of scale through common operations, resulting in narrowed margins, and reduced capital available for future investment.
Standard products and services are the preferred approach unless a clear business advantage exists, in which case a strategic supplier delivers the tailored service.
High-value or high-dependence relationships involve greater risks for the organization. These relationships need comprehensive contracts and active relationship management.
Having established the type of supplier, the relationship then needs to be formalized. In the discussion below, the term ‘agreement’ is used generically to refer to any formalization of a relationship between customer and supplier organizations, and may range from the informal to comprehensive legally binding contracts. Simple, low-value relationships may be covered by a supplier’s standard terms and conditions, and be managed wholly by IT. A relationship of strategic importance to the business, on the other hand, requires a comprehensive contract that ensures that the supplier supports evolving business needs throughout the life of the contract. A contract needs to be managed and developed in conjunction with procurement and legal departments and business stakeholders.
The agreement is the foundation for the relationship. The more suitable and complete the agreement, the more likely it is that the relationship will deliver business benefit to both parties.
The quality of the relationship between the service provider and their supplier(s) is often dependent on the individuals involved from both sides. It is therefore vital that individuals with the right attributes, skills, competences and personalities are selected to be involved in these relationships.
A business service may depend on a number of internal and/or external suppliers for its delivery. These may include a mixture of strategic suppliers and commodity suppliers. Some suppliers supply directly to the organization; others are indirect or sub-contracted suppliers working via another supplier. Direct suppliers are directly managed by the service provider; indirect or sub-contracted suppliers are managed by the leading supplier. Any one supplier may provide products or services used to support a number of different business services.
Supply chain analysis shows the mapping between business services and supplier services. Analysis of business processes will reveal the suppliers involved in each process and the points of hand-off between them. Management of the supply chain ensures that functional boundaries and performance requirements are clearly established for each supplier to ensure that overall business service levels are achieved. Business services are most likely to meet their targets consistently where there are a small number of suppliers in the supply chain, and where the interfaces between the suppliers in the chain are limited, simple and well-defined.
Reducing the number of direct suppliers reduces the number of relationships that need to be managed, the number of peer-to-peer supplier issues that need to be resolved, and reduces the complexity of the Supplier Management activities. Some organizations may successfully reduce or collapse the whole supply chain around a single service provider, often referred to as a ‘prime’ supplier. Facilities management is often outsourced to a single specialist partner or supplier, who may in turn sub-contract restaurant services, vending machine maintenance and cleaning.
Outsourcing entire business services to a single ‘prime supplier’ may run additional risks. For these reasons, organizations need to consider carefully their supply chain strategies ahead of major outsourcing activity. The scope of outsourced services needs to be considered to reduce the number of suppliers, whilst ensuring that risk is managed and it fits with typical competencies in the supply market.
The SCD is a database containing details of the organization’s suppliers, together with details of the products and services that they provide to the business (e.g. e-mail service, PC supply and installation, Service Desk), together with details of the contracts. The SCD contains supplier details, a summary of each product/service (including support arrangements), information on the ordering process and, where applicable, contract details. Ideally the SCD should be contained within the overall CMS.
SCDs are beneficial because they can be used to promote preferred suppliers and to prevent purchasing of unapproved or incompatible items. By coordinating and controlling the buying activity, the organization is more likely to be able to negotiate preferential rates.
188.8.131.52 Establishing new suppliers and contracts
Adding new suppliers or contracts to the SCD needs to be handled via the Change Management process, to ensure that any impact is assessed and understood. In most organizations, the SCD is owned by the Supplier Management process or the procurement or purchasing department. The SCD provides a single, central focal set of information for the management of all suppliers and contracts.
Risk management, working with suppliers, centres on assessing vulnerabilities in each supplier arrangement or contract that pose threats to any aspect of the business, including business impact, probability, customer satisfaction, brand image, market share, profitability, share price or regulatory impacts or penalties (in some industries).
The nature of the relationship affects the degree of risk to the business. Risks associated with an outsourced or strategic supplier are likely to be greater in number, and more complex to manage, than with internal supply. It is rarely possible to ‘outsource’ risk, although sometimes some of the risk may be transferred to the outsourcing organization. Blaming a supplier does not impress customers or internal users affected by a security incident or a lengthy system failure. New risks arising from the relationship need to be identified and managed, with communication and escalation as appropriate.
A substantial risk assessment should have been undertaken pre-contract, but this needs to be maintained in the light of changing business needs, changes to the contract scope, or changes in the operational environment.
The service provider organization and the supplier must consider the threats posed by the relationship to their own assets, and have their own risk profile. Each must identify their respective risk owners. In a well-functioning relationship, it is possible for much or all of the assessment to be openly shared with the other party. By involving supplier experts in risk assessments, especially in Operational Risk Assessments (ORAs), the organization may gain valuable insights into how best to mitigate risks, as well as improving the coverage of the assessment.
When evaluating risks of disruption to business services or functions, the business may have different priorities for service/function restoration. Business Impact Analysis (BIA) is a method used to assess the impacts on different areas of the business, resulting from a loss of service. Risk assessment and BIA activities relating to suppliers and contracts should be performed in close conjunction with Service Continuity Management, Availability Management and Information Security Management, with a view to reducing the impact and probability of service failure as a result of supplier or supplier service failure.
Once these activities have been completed and the supplier and contract information has been input into the SCD, including the nominated individuals responsible for managing the new supplier and/or contracts, frequency of service/supplier review meetings and contractual review meetings needs to be established, with appropriate break points, automated thresholds and warnings in place. The introduction of new suppliers and contracts should be handled as major changes through transition and into operation. This will ensure that appropriate contacts and communication points are established.
184.108.40.206 Supplier and Contract Management and performance
At an operational level, integrated processes need to be in place between an organization and its suppliers to ensure efficient day-to-day working practices. For example:
There may be a conflict of interest between the service provider organization and their supplier, especially with regard to the Change Management, Incident Management, Problem Management and Configuration Management processes. The supplier may want to use their processes and systems, whereas the service provider organization will want to use their own processes and systems. If this is the case, clear responsibilities and interfaces will need to be defined and agreed.
These and many other areas need to be addressed to ensure smooth and effective working at an operational level. To do so, all touch points and contacts need to be identified and procedures put in place so that everyone understands their roles and responsibilities. This should include identification of the single, nominated individual responsible for ownership of each supplier and contract. However, an organization should take care not to automatically impose its own processes, but to take the opportunity to learn from its suppliers.
A contract had been awarded for a customized Stores Control System for which the organization’s IT department had developed processes to support the live service once it was installed. This included procedures for recording and documenting work done on the service by field engineers (e.g. changes, repairs, enhancement and reconfigurations). At a project progress meeting, the supplier confirmed that they had looked at the procedures and could follow them if required. However, having been in this situation many times before, they had already developed a set of procedures to deal with such events. These procedures were considerably more elegant, effective and easier to follow than those developed and proposed by the organization.
In addition to process interfaces, it is essential to identify how issues are handled at an operational level. By having clearly defined and communicated escalation routes, issues are likely to be identified and resolved earlier, minimizing the impact. Both the organization and the supplier benefit from the early capture and resolution of issues.
Both sides should strive to establish good communication links. The supplier learns more about the organization’s business, its requirements and its plans, helping the supplier to understand and meet the organization’s needs. In turn, the organization benefits from a more responsive supplier who is aware of the business drivers and any issues, and is therefore more able to provide appropriate solutions. Close day-to-day links can help each party to be aware of the other’s culture and ways of working, resulting in fewer misunderstandings and leading to a more successful and long-lasting relationship.
Two levels of formal review need to take place throughout the contract lifecycle to minimize risk and ensure the business realizes maximum benefit from the contract:
Formal performance review meetings must be held on a regular basis to review the supplier’s performance against service levels, at a detailed operational level. These meetings provide an opportunity to check that the ongoing service performance management remains focused on supporting business needs. Typical topics include:
Major service improvement initiatives and actions are controlled through SIPs with each supplier, including any actions for dealing with any failures or weaknesses. Progress of existing SIPs, or the need for a new initiative, is reviewed at service review meetings. Proactive or forward-thinking organizations not only use SIPs to deal with failures but also to improve a consistently achieved service. It is important that a contract provides suitable incentives to both parties to invest in service improvement. These aspects are covered in more detail in the Continual Service Improvement publication.
The governance mechanisms for suppliers and contracts are drawn from the needs of appropriate stakeholders at different levels within each organization, and are structured so that the organization’s representatives face-off to their counterparts in the supplier’s organization. Defining the responsibilities for each representative, meeting forums and processes ensure that each person is involved at the right time in influencing or directing the right activities.
The scale and importance of the service and/or supplier influence the governance arrangements needed. The more significant the dependency, the greater the commitment and effort involved in managing the relationship. The effort needed on the service provider side to govern an outsourcing contract should not be underestimated, especially in closely regulated industries, such as the finance and pharmaceutical sectors.
A key objective for Supplier Management is to ensure that the value of a supplier to the organization is fully realized. Value is realized through all aspects of the relationship, from operational performance assurance, responsiveness to change requests and demand fluctuations, through to contribution of knowledge and experience to the organization’s capability. The service provider must also ensure that the supplier’s priorities match the business’s priorities. The supplier must understand which of its service levels are most significant to the business.
A large multi-national company had software agreements in place with the same supplier in no less than 24 countries. By arranging a single global licensing deal with the supplier, the company made annual savings of £5,000,000.
To ensure that all activities and contacts for a supplier are consistent and coordinated, each supplier relationship should have a single nominated individual accountable for all aspects of the relationship.
A nationwide retail organization had an overall individual owning the management of their major network services supplier. However, services, contracts and billing were managed by several individuals spread throughout the organization. The individual owner put forward a business case for single ownership of the supplier and all the various contracts, together with consolidation of all the individual invoices into a single quarterly bill. The estimated cost savings to the organization were in excess of £600,000 per annum.
Satisfaction surveys also play an important role in revealing how well supplier service levels are aligned to business needs. A survey may reveal instances where there is dissatisfaction with the service, yet the supplier is apparently performing well against its targets (and vice versa). This may happen where service levels are inappropriately defined and should result in a review of the contracts, agreements and targets. Some service providers publish supplier league tables based on their survey results, stimulating competition between suppliers.
For those significant supplier relationships in which the business has a direct interest, both the business (in conjunction with the procurement department) and IT will have established their objectives for the relationship, and defined the benefits they expect to realize. This forms a major part of the business case for entering into the relationship.
These benefits must be linked and complementary, and must be measured and managed. Where the business is seeking improvements in customer service, IT supplier relationships contributing to those customer services must be able to demonstrate improved service in their own domain, and how much this has contributed to improved customer service.
For benefits assessments to remain valid during the life of the contract, changes in circumstances that have occurred since the original benefits case was prepared must be taken into account. A supplier may have been selected on its ability to deliver a 5% saving of annual operational cost compared with other options, but after two years has delivered no savings. However, where this is due to changes to contract, or general industry costs that would have also affected the other options, it is likely that a relative cost saving is still being realized. A maintained benefits case shows that saving.
Benefits assessments often receive lower priority than cost-saving initiatives, and are given less priority in performance reports than issues and problem summaries, but it is important to the long-term relationship that achievements are recognized. A benefits report must make objective assessments against the original objectives, but may also include morale-boosting anecdotal evidence of achievements and added value.
It is important for both organizations, and for the longevity of the relationship, that the benefits being derived from the relationship are regularly reviewed and reported.
An assessment of the success of a supplier relationship, from a business perspective, is likely to be substantially based on financial performance. Even where a service is performing well, it may not be meeting one or both parties’ financial targets. It is important that both parties continue to benefit financially from the relationship. A contract that squeezes the margins of a supplier too tightly may lead to under-investment by the supplier, resulting in a gradual degradation of service, or even threaten the viability of supplier. In either case this may result in adverse business impacts to the organization.
The key to the successful long-term Financial Management of the contract is a joint effort directed towards maintaining the financial equilibrium, rather than a confrontational relationship delivering short-term benefits to only one party.
Building relationships takes time and effort. As a result, the organization may only be able to build long-term relationships with a few key suppliers. The experience, culture and commitment of those involved in running a supplier relationship are at least as important as having a good contract and governance regime. The right people with the right attitudes in the relationship team can make a poor contract work, but a good contract does not ensure that a poor relationship team delivers.
A considerable amount of time and money is normally invested in negotiating major supplier deals, with more again at risk for both parties if the relationship is not successful. Both organizations must ensure that they invest suitably in the human resources allocated to managing the relationship. The personality, behaviours and culture of the relationship representatives all influence the relationship. For a partnering relationship, all those involved need to be able to respect and work closely and productively with their opposite numbers.
220.127.116.11 Contract renewal and/or termination
Contract reviews must be undertaken on a regular basis to ensure the contract is continuing to meet business needs. Contract reviews assess the contract operation holistically and at a more senior level than the service reviews that are undertaken at an operational level. These reviews should consider:
For high-value, lengthy or complex supply arrangements, the period of contract negotiation and agreement can be lengthy, costly and may involve a protracted period of negotiation. It can be a natural inclination to wish to avoid further changes to a contract for as long as possible. However, for the business to derive full value from the supplier relationship, the contract must be able to be regularly and quickly amended to allow the business to benefit from service developments.
Benchmarking provides an assessment against the marketplace. The supplier may be committed by the contract to maintaining charges against a market rate. To maintain the same margin, the supplier is obliged to improve its operational efficiency in line with its competitors. Collectively, these methods help provide an assessment of an improving or deteriorating efficiency.
The point of responsibility within the organization for deciding to change a supplier relationship is likely to depend on the type of relationship. The service provider may have identified a need to change supplier, based on the existing supplier’s performance, but for a contractual relationship the decision needs to be taken in conjunction with the organization’s procurement and legal departments.
The organization should take careful steps to:
A prudent organization undertakes most of these steps at the time the original contract is established, to ensure the right provisions and clauses are included, but this review activity needs to be reassessed when a change of supplier is being considered.