Learn how to source for secure and reliable IT services

The sourcing activities are the first steps on a path of a mostly long term and close relationship with a service provider. It’s often also the first opportunity to exchange expectations, to verify assumptions and the point where you start building a common understanding of the agreement that is being put in place. Including Opsasto requirements in RFI and RFP documents significantly benefits the outcome. In this reader we provide example RFI and RFP questions to cover the Opsasto assurances.

OR READ THE FULL ARTICLE BELOW

sourcing for Operational Readiness

There are significant benefits in
including Opsasto requirements in RFI and RFP documents when sourcing for a new service.

A key success factor of an outsourced service is the quality of the relationship with the service provider. This becomes even more important when services are business critical, these often need to be tailored and you will need to rely on your service provider ability to understand your needs and to deliver. This is well described in KPMG partnership Model[1]

The sourcing activities are the first steps on a path of a mostly long term and close relationship with a service provider. It’s often also the first opportunity to exchange expectations, to verify assumptions and the point where you start building a common understanding of the agreement that is being put in place. The award of a service contract marks a milestone for an upcoming, long term and an often tight relationship between client and service provider.

The RFI and RFP sourcing events are opportunities for both organizations to prepare for successful contract execution. Especially the RFP event provides a stage to build a common understanding, to build a shared vision through the exchange of thoughts, ideas and to align expectation

Understand what you need before seeking it

Shopping is so much easier when we know what we want and what we need. Same goes for sourcing. Procuring a new service is so much more effective when we know what our organisation want and needs. For operational readiness, I recommend to include the following the sourcing packages.

  • Do a Business Impact Assessment (BIA) to determine the impact of a major security or reliability incident?
  • Determine the Criticality, Availability and Integrity (CAI) needs using the BIA insights.
  • Determine the Service Level Requirements using the CAI insights and other business needs
  • Determine the Quality (Non Functional) Requirements
  • Indicate a preference for a delivery model (SaaS, Managed Service, In-house hosting, etc.)
  • Determine if there is a need to integrate/ interface with other systems.
  • Decide if the service provider is expected to be responsible for managing the end-to-end IT Service (i.e. take on the role of Service Integrator).
  • Decide who in your organisation will be end-to-end accountable for the Secure & Reliable operation of the Service. Whoever is to be end-to-end Accountable, also will need be to be contract & budget holder. This is important to enable successful management of contract performance. One has far less leverage if one is not paying the bill.

The Request For Information (RFI)

After the initial market scan where you have researched which services / products there are in the market that can fulfil your needs and which companies can deliver these, you probably have a long list of possible candidates. The RFI (Request for information) step is used to separate the likely less successful BID candidates from the possible more successful BID candidates and to bring the long list back to a shorter more manageable list. You will invite the remaining candidates to enter into a more detailed and more effort intensive RFP selection round.

The common RFI approach is to request high-level information that enables you to assess if the prospected provider would in principle to be capable to deliver and can satisfy the knock-out criteria, and (when relevant) if a sustainable relationship can be built up. (e.g. you might want to know if the company has experience with a similar product, has global presence and holds certain industry standard certifications)

There is no set standard for the RFI, however my advice is: “less is more”” Try to ask a few broad questions that enable you to assess maturity, capability on key requirements and alignment on key principles, instead of asking for a lot of details. Consider, you also have to review all the answers.

The Request For Proposal (RFP)

In the RFP step, you will go in more detail with a limited set of vendors. What you want to ask the vendors will depend on the situation. Questions should focus on trying to ensure secure and reliable operations, that there will be facilities in place to manage the service provider’s performance and to verify that Quality Requirements will be fulfilled. The output of the RFP can be used as input for the service transition, it provides the service scope and acceptance criteria.

Example RFI and RFP Questions

ID# Assurance Category / Short Name Details When to request? RFI or RFP?
1 Architecture Assurance Validate that quality requirements are being satisfied  
1.1 Application Customization and Configurations
  1. Does the <service provider> Service Offering provide tailoring capabilities?
  2. If so, can you describe your approach to manage the risks of these changes not adversely impacting customer ability to follow the service upgrade path
Recommended RFI
latest RFP
1.2 Quality Assurance Landscapes <service provider> is requested to provide details on available quality assurance landscapes (development, test and acceptance) besides the production landscape. If such landscapes are not part of the current service offering, <service provider> is requested to confirm subscribing to delivery of these landscapes as part of the agreement before service Recommended RFI
latest RFP
1.3 Testing Engineering Practices <service provider> is requested to share their approaches for unit, system integration, regression and user acceptance testing and any tooling used to support this. Recommended RFI
latest RFP
1.4 Network Latency <service provider> is asked to show how requests get routed from any point in the world. Articulate the point of strategy for trafficking requests from a company’s last mile to its data centre and back. Recommended RFI
latest RFP
1.5 Application response time Can you Indicate if you can guarantee, and if, what the guaranteed response times from the user perspective (user interface) are for particular common use cases Recommended RFI
latest RFP
2 Support Model Design and implement the Support model.    
2.1 Service Scope: E2E Application Service If <service provider> is expected to be responsible for managing the end-to-end application service solution then this includes the operations and service management of the application service and other supporting services. <service provider> is requested to confirm subscribing to this expectation. Recommended RFI
latest RFP
2.2 Service Scope: Service Integration Operational Responsibility If multiple Service Partners are needed to deliver the Application Service, <service provider> is expected to consolidate these services by subcontracting the Service Partners and delivering one single application service to <Customer>. <service provider> is requested to confirm subscribing to this expectation. Recommended RFI
latest RFP
2.3 The Service Support Model diagram <service provider> requested to share their IT support model* for the <service>. Within this support model we would like to see a graphical representations of:

    1. the support functions
    2. the providers for the functions
    3. the support relationships (interfaces/interactions between functions)
    4. Escalation paths

* if such a Service Support Model cannot be made available at this time, <service provider> is requested to confirm their subscription to the joined development of this Support Model and it to be completed before service commencement

Optional RFI

Suggested RFP

2.4 The Service Support Model – subcontracted support functions
  1. If a Support Function is subcontracted, please provide details on the subcontracted service partner and indicate whether this is a new service relationship with this partner or if you are providing similar services with this partner for other customers.
  2. How Interfaces with <Customer> systems are to be managed
  3. Common Support Scenario’s and the flow through the Support Model
Optional RFI

Suggested RFP

3 Contracts (Business)SLA, related OLA(‘s) and SOW’s and other contract(s) with subcontractors    
3.1 End-to-End Service Level Objectives If multiple Service Partners are needed to deliver the Service. <service provider> is responsible for the delivery of the services in accordance with the Service Level Agreement. Where a dependency exists on third party suppliers to enable <service provider> to deliver the services, it is the sole responsibility of <service provider> to manage this dependency. <service provider> is requested to confirm to subscribing to this approach as part of the service agreement. Recommended RFI
latest RFP
3.2 Service Level Objectives <service provider> is requested to confirm their intention to align the <service provider> service offering to the <Customer> Service Level Objectives Recommended RFI
latest RFP
3.3 Service Level Agreement The intent is the use the <Customer> Template as basis for drafting the <service provider> <application service> SLA. <service provider> is requested to subscribe to this approach and to indicate if there are any items in the SLA template <service provider> is not able or may not wish to conform with. In such a case, <service provider> is invited to suggest amendments on, – and text change proposals to <Customer> the SLA template. Recommended RFI
latest RFP
3.4 IT Key Performance Indicators (KPI) <service provider> is requested to share the details of the KPI’s for their <application service>Service.*

The KPI’s requested are:

  1. Application Service Management KPI’s
  2. Application Landscape Performance KPI’s

* if such KPI’s are not available at this time, <service provider> is requested to confirm their subscription to the joined development of these KPI’s

Optional RFI

Suggested RFP

3.5 Request Catalogue <service provider> is requested to provide a request catalogue* indicating its base services and discretionary services available to <Customer> with associated prices, conditions and turn-around times .

* if a request catalogue is not available at this time, <service provider> is requested to confirm their subscription to the joined development of the request catalogue and it to be completed before service commencement

Optional RFI

Suggested RFP

3.6 Start of service Fees and service commencement <service provider> is requested to subscribe to the approach that:

  1. Service Fees will not be applicable until service commencement starts, unless otherwise formally agreed.
  2. Service Commencement cannot start until <service provider> has received formal approval from <Customer>
Recommended RFI
latest RFP
3.7 Service Credits <service provider> is requested to subscribe to a service credits model. This model is intended to be used to calculate deductions on contract charges in case supplier performance is below a specified threshold. <service provider> is to confirm whether they subscribe to using this model. Recommended RFI
latest RFP
3.8 pre-emptive recovery rights Do individual customers have pre-emptive recovery rights over others? If yes, then please describe the circumstances that would allow this to happen. If pre-emptive recovery rights are allowed, then describe the supported procedures (and related contractual terms) that enable a customer to have these rights. Recommended RFI
latest RFP
3.9 Periodic Benchmark <Customer> wishes to ensure or verify ongoing performance of supplier by means of the option to hold periodic benchmarks. <service provider> is requested to confirm subscribing to this approach. Recommended RFI
latest RFP
3.10 Charging Model <service provider> is requested to provide an overview of its pricing model:

1. The consumable component of the service and their costs.

2. The calculation model that is used to determine the consumption and related costs for each of the components

Optional RFI

Suggested RFP

3.11 Escrow Vendor is requested to describe how legal escrow will be provided so that ownership of the (IT) assets is that are required in order to continue service is transferred in case of a situation that a provider loses ownership of its assets. Recommended RFI
latest RFP
3.12 Service Exit <service provider> is requested to provide a plan that will ensure business continuity during and post termination of the contract. Plan should include a timeline, stages, milestones, key deliverables and clearly identify vendor and customer responsibilities.

See 3. Schedule Exit of Attachment ESM SLA Terms & Conditions

Optional RFI

Suggested RFP

3.13 Service Exit <service provider> is asked to provide an approach to technically enable the service to be rebuild independently from the provider facilities. Optional RFI

Suggested RFP

4 Support processes and tooling Configure and update relevant (ITIL based) processes and tools  
4.1 Support Processes <service provider> is requested to share documentation on their process implementation for the support processes listed in the Support Processes Attachment. Recommended RFI
latest RFP
4.3 Other Service Reports <service provider> is requested to make available a list and examples of other service reports for their application service*

* if such reports are not available at this time, <service provider> is requested to confirm their subscription to the joined development of these report and it to be completed before service commencement

Recommended RFI
latest RFP
4.4 Testing Engineering Practices <service provider> is requested to share their approaches for unit, system integration, regression and user acceptance testing and any tooling used to support this. Recommended RFI
latest RFP
4.5 Service Release Planning Approach
  1. Are all customers required to upgrade to the new version when it is released or is it possible for a customer to migrate to a newer version at their desired moment?
  2. If it is possible for the customer to choose when to migrate,
    1. Are there any limitations to this service?
    2. Are there any costs associated with this service?
    3. Are there any risks associated with this service?
  3. If <service provider> currently does not provide such a service to its customers, <service provider> is requested to confirm their subscription developing such a facility and make it available to <Customer> before the next release
A service release often will require <Customer> involvement (testing and training required, interfaces need to be updated, etc.) and not being able to complete in time can have a major impact <Customer’s> ability to use the service.

Recommended RFI
latest RFP

5 Support cutover plan Plan that describes how after Go Live support gradually can be transferred form the project to the operation and what the agreed exit criteria for Agreement to Operate (AtO) are  
5.1 Service Transition <service provider> is requested to provide a plan that describes how the service is transitioned from the project phase into the support phase and that ensures operational readiness at the moment of Go Live. The plan should include:

  1. A timeline, the project stages, milestones, key deliverables and clearly identify <service provider> and customer responsibilities.
  2. The plan should also clearly indicate what the pre-requisites for service commencement (Go Live support) are.
  3. If a project support warranty period applies, what are the guidelines for its duration and what are the exit criteria for the project support warranty period?
Optional RFI

Suggested RFP

  1. KPMG: Strategic Visions on the Sourcing Marker 2016 https://assets.kpmg.com/content/dam/kpmg/pdf/2016/03/Strategic-Visions-on-the-Sourcing-Market-2016-25-11-2015.pdf

2 thoughts on “Learn how to source for secure and reliable IT services

Leave a Reply