Professional Documents
Culture Documents
IT VENDOR MANAGEMENT
PRINCIPLES & PRACTICES
CONTENTS
1. Introducon 02
2. Procurement of IT Goods and Services 04
Purchase Manual 04
Fundamental Principles of Procurement 04
Mode of Purchase 04
Noce Inving Tender 06
Stages in Procurement 07
RFP/Tender Contents 12
Submission of Bids: Two-Bid System 13
Evaluaon of Bids and Selecon of Supplier 14
Other Terms and Condions 16
Award of Contract 18
3. Project Execuon, Maintenance and Support 19
Project Management 19
Conflict Management 20
Contract Agreement 20
Service Level Agreement 22
Technology Refresh 23
Terminaon of Contract 24
4. Outsourcing IT Works and Services 25
Value Proposions of Outsourcing 25
What Cannot Be Outsourced? 25
Common Areas of Concerns in Outsourcing 25
Outsourcing Maturity Model 26
Stages in Outsourcing 27
Risk Management in Outsourcing Arrangements 27
Risk Evaluaon and Measurement 28
Importance of IT Outsourcing and Management 28
References 28
AUTHORS
FOREWORD
IT VENDOR MANAGEMENT
ART AND SCIENCE
Dr. A. S. Ramasastri
Director, IDRBT
CHAPTER 1
INTRODUCTION
CHAPTER 2
price to secure full value for the money spent. The responsibility and accountability requires that the
basis for decision is demonstrably clear and objective
Transparency, competition, fairness and elimination of and the procurement authority is held to account for
arbitrariness must be ensured in the procurement the conduct of the procurement process.
process.
Procurement principle is to promote compeon,
Purchase Manual and ensure transparency, fairness, and equitable
treatment to suppliers.
Every organization must have a purchase manual
approved by the board. A purchase manual is a set of Mode of Purchase
instructions and procedures to be followed to ensure
consistency and uniformity across the organization in Each organization with the approval of the board, will
purchases/sourcing. The purchase manual must decide the cut-off amount, up to which procurement
contain detailed purchase procedures, delegation of of IT goods/services can be made without floating
powers to various authorities, and pro formas of tender. All other purchases that exceed the cut-off
various formats. The manual is to be reviewed and amount shall be made through tender process only.
updated at regular intervals say once in a year with the Such procurements may be made either through:
approval of the board. ¬ Global/open tender
In an inevitable situation, an organization in its larger ¬ Limited tender
interest may be compelled to deviate from the laid ¬ Single tender.
down procedures in manual or other guidelines. In
such cases, the organization must document explicitly Global/Open Tender
with logical reasons, the circumstances that
Procurement of non-standard items and purchases of
compelled them to deviate from the prescribed path
large value items of IT goods and services shall be
and the cons if the decision is taken otherwise.
done through global/open tender. Empanelment of
Procurement is acquiring required IT goods or vendors for procurement of standard items is also to
services, in right quanty and right quality at the be done through open/global tender.
best possible price to meet business requirements.
Every organizaon must have a purchase manual, In a global tender, opportunity is given to all the
approved by board. technically and financially competent bidders to
participate in the tender. In order to ensure this and to
Fundamental Principles of Procurement receive competitive bids, wide publicity is given.
Stages in Procurement
Procurement
Pre-Tender
Indent
Functional Requirements
The bid document therefore may contain a w The RFP may have an overriding clause that in case
requirement to provide a suitable middleware to of any dispute, the RFP clauses will prevail.
support interfaces with existing software and those
that may come in future. The tender/RFP must be self contained,
comprehensive, complete and clearly define in
When there is a need for a multi-supplier approach, unambiguous terms, details of IT goods and services
there must be appropriate standardization to ensure to be procured/outsourced; their quality and
interoperability. quantywith specificaons.
¬ Adherence to standards, as evidenced from In the case of AMC/ATS and facilities management,
certifications related to the standards in the area the prices quoted are spread over a period of 3 to 5
of products/ser vices and discussions/ years and prices quoted may vary every year. Hence in
presentations made by suppliers order to arrive at the present value of commercials,
net present value method of evaluation is to be
¬ The pre-qualification criteria should not be too
adopted.
stringent to restrict competition nor tailor-made
to permit entry to one bidder and restrict others. Commercial bids of only those bidders who qualify
under technical evaluaon alone are to be opened
Expression of Interest is issued either to empanel or and evaluated.
shortlist vendors for issuance of tender document
based on pre-qualificaon criteria. Pre-qualificaon
criteria should neither be too stringent to restrict RFP/Tender Contents
compeon nor too liberal to permit entry to the Broadly the RFP/Tender document should include
inexperienced and incompetent suppliers.
the following:
It is a good practice to fix the questions, verification ¬ In case, procurement of goods and works or
process and their scores beforehand among the services exceeds hundred crores, a two-stage
evaluating group members, during reference site bidding process may be adopted.
visit/presentation/demonstrations. After evaluation Single Stage Bidding
the ranking of the bidders should be displayed in the
¬ In a single stage two envelope bidding where the
notice board and website of the bank.
quality of procurement is important and is also
Two aspects of a bid need to be evaluated – the considered to be dependent on the capacity and
technical and the commercial. One of the following credentials of the supplier, a single stage two
two methods may be adopted in evaluation and envelope system may be followed
selection of the successful bidder:
¬ In such a case, the eligibility criteria of the supplier
¬ The successful bidder may be the one who may be specified in the tender notice with a clear
quoted the lowest price among the qualified bench mark of minimum technical capacity. The
technical bidders bidder should be asked to submit their technical
OR bid in one envelope and the financial bid in
¬ The successful bidder may be the one who another envelope
secures highest marks where the evaluation is ¬ The envelopes containing the technical bids should
carried on the combined basis of technical score be opened and scrutinized first. Those bidders who
and the price quoted. The weights for techno- meet the eligibility criteria should be pre-qualified
c o m m e rc i a l e v a l u a t i o n s h o u l d b e p re - and the financial bids of only such pre-qualified
determined and disclosed in the bid document. supplier should be opened and evaluated. The
lowest bidder should normally be selected.
Two-stage Bidding
Other Terms and Conditions should be immediately verified with the issuing bank
before acceptance. The buyer must ensure that
Earnest Money Deposit (EMD)
performance guarantee is valid and in force
Earnest money deposit is obtained from the bidders throughout the contract period by renewing it in time.
with their bids. The purpose of obtaining EMD is to Similarly in case of encashment of guarantee, the
establish the earnestness of bidder in participation of same is to be taken up with the issuing bank before
bid process and to safeguard against the bidder the expiry of guarantee.
withdrawing/altering the bid during validity period.
EMD may be furnished in the form of account payee Performance guarantee should be obtained from
the successful bidder to ensure due performance
demand draft, fixed deposit receipt, or bank
as per the terms of the contract.
guarantee. The EMD amount should ordinarily be
around 2% to 5% of the estimated value of the Delivery Schedule/Project Timelines
procurement to be made.
Time is the essence of any contract/IT project. Total
EMD submitted by the bidder will be forfeited, if: project time is to be properly worked out by taking into
¬ The bidder withdraws or amends the bid consideration, time for delivering IT equipment, their
submitted in any respect within the validity installation and commissioning, testing, customization,
period of the tender porting of software and so forth. If timelines given are
too less and aggressive compared to actual
¬ The successful bidder fails to furnish performance requirements, it may result in damage to quality in
guarantee as required, or fails to accept the order implementation of the project. It may also result in
within the specified period. conflicts as supplier may fail to meet the contractual
No interest is payable on the EMD. EMD of obligations.
unsuccessful bids may be refunded 30 days after the Delivery period is to be properly specified in the
contract is signed. EMD of successful bidder should be contract with definite dates. If a project has various
returned, after acceptance of order and submission of activities/stages/phases, timelines have to be indicated
performance guarantee by the bidder. for each activity such as delivery of hardware,
commissioning of hardware, pilot implementation,
EMD is obtained to establish the earnestness of
training, etc. The timelines given are to be closely
bidder in parcipaon of bid process and to safe
guard against the bidder withdrawing/altering the monitored with the supplier at regular intervals to
bid during validity period. ensure that the project is completed as planned.
Abnormal delays in completion of the project will result
Performance Guarantee in cost overruns.
Rejection of Bids
CHAPTER 3
The key task in project management is ensuring that At the core team level, daily activity plan, progress and
all planned activities of the project are undertaken micro-level issues, if any, will be discussed. A
and completed as per specifications in time. The buyer committee may be formed drawing members from
must also deploy adequate resources from their end. both buyer and supplier teams to review the progress
Resources must be identified and allocated. Activities on a day-to-day basis and plan the work for the
must be properly organized and structured in coming days. At the department level, the progress
accordance with business and technical requirements. may be reviewed once in a week to know the progress
It is essential that both buyers' team and vendors' and issues to be resolved. The supplier in such
team coordinate with each other to reach the meetings must ensure that the reporting authority of
common goal of executing the project as per time the vendor's onsite IT team is involved and present in
schedule without compromising in quality. In this all such meetings. This will facilitate escalation of the
relationship, the vendor and the buyer need to issues if any to them, so that they can be sorted out
transfer, exchange and develop knowledge on a speedily. Further, local team of the vendor will make
continual basis. For effective management, “plan, do, serious attempts to resolve maximum issues before
check, and act” (PDCA) approach may be adopted. the meeting if their higher authority attends the
review meetings. A steering committee is to be
It is essenal that both buyers' team and vendors' constituted drawing key persons from user wings and
team coordinate with each other to reach the vendor's office. Such meetings may be preferably
common goal of execung the project as per me presided by the chairman/executive director and may
schedule without compromising in quality. be conducted once in a month.
¬ Root Cause Analysis (RCA): The buyer with the Contract Agreement
help of supplier must do root cause analysis and
Any procurement will culminate as contractual
know what went wrong and the causes for it
relationship and shall be reduced to writing by signing
¬ The buyer and supplier together must pay a contract agreement and a Service Level Agreement
attention to what has gone wrong rather than (SLA). In the finalization of contract agreement and
who went wrong and define the problem clearly SLA, it is recommended to involve the legal
with causes so that it can be fixed department of the buyer and in all big projects to seek
professional advice from solicitors. It is to be ensured
¬ Most of the problems/conflicts are resolvable if
that the contract agreement does not vary from the
both the parties sit together, deliberate and talk
terms and conditions in the bid document. The
reasonably after RCA
contracted agreement needs to be vetted and
¬ Problem may need two solutions. (i) a temporary fix approved by legal department of the buyer to
to be applied immediately to ensure that systems are approve the legal effect and enforceability of terms
up and running to do business; (ii) a permanent fix and conditions. Tender document/RFP can be made
that needs some time to identify the bug/fault and one of the documents of the contract to refer to in
apply remedies so that it does not occur again. The case of any dispute. The contract must clearly spell out
buyer must monitor the problem/issue till a the rights, responsibilities, and liabilities of both the
permanent fix is given and applied buyer and supplier.
Parties and terms The names of parties involved and length of contract.
Definitions Explanations and definitions of various words used in the contract.
Supporting documentation RFP and any other document, for clarifying the terms and conditions and to
facilitate dispute resolution.
IT assets Details of all hardware and software alongwith model, version to be delivered
by vendor, details of licenses, etc.
Services and resources Description of services and facilities management to be delivered by vendor
and also the quantity and quality of human resources to be provided, details of
key personnel of vendor and banks team.
Metrics for performance Descriptions of service levels and uptime requirements that vendor has to meet
and SLA and the method of measuring them.
Statement of Works (SOW) Statement of Works to be carried out by the vendor (Buyer must go through the
SOW and find them in-line with the RFP specifications.).
Disaster recovery and Backup and disaster recovery, replication plans and methods, etc.; for business
business continuity continuity, Recovery Time Objective (RTO) and Recovery Point Objective (RPO).
Role and responsibilities Details of facilities to be provided by the bank and other support to be
of the bank and vendor to vendor for project implementation and the responsibilities of vendor at each
stage.
Benchmarking of solution Details of tests to be carried on proposed solution to confirm that solution is
rightsized to meet the performance criteria.
Monitoring of the project Details of how monitoring of the project will be done and escalation
mechanism.
Payments and schedule Procedure for claiming payments and the stages when payments will be
released.
Liquidated damages Details of when and how liquidated damages will be levied, and the cap if any.
Taxes Applicability of taxes and their structure.
Change control and Procedure for changing the services or for seeking new requirements.
management
Dispute resolution Procedure for dispute resolution.
Termination and exit clause Terms and conditions when a contract can be terminated or either party can
exit. The support to be extended during transition period by vendor and
payment terms during the period.
Source code Method of depositing source code, escrow account, terms for sharing fee
towards depositing source code.
Confidentiality Terms of maintaining confidentiality.
Indemnity Limited and unlimited liability.
Annexure Exhibits to be enclosed to contract.
Terminaon of Contract
When the vendor commits breach of contract, and
fails to remedy such breach within reasonable time
after notice from the buyer, the buyer as per the terms
of contract will have the right to terminate the
contract either in whole or part, for breach of contract
under the following circumstances:
CHAPTER 4
Value Propositions of Outsourcing Some common problems faced during the sourcing
management process include:
Successful sourcing relationships allow bankers to
focus their internal and financial resources on tackling ¬ Continually changing business needs and
business priorities to leverage their core competencies. emergence of new IT services
Relaonal
Maximizaon
High Maturity
Organized
Well-defined process with
Appreciave KM and metrics defined
Transaconal
Maturity
Stages in Outsourcing
Stages in outsourcing is similar to stages in
procurement (see Chapter 2). In procurement, the
buyer procures IT products and goods to meet the
needs, whereas in outsourcing, the buyer turns to Risk Management in Outsourcing
external vendor to get the job done to meet the needs. Arrangements
Material Outsourcing Risk management is the process of identifying,
measuring, monitoring and managing risk. Risks
As per RBI guidelines, banks need to assess the degree of
inherent to process outsourcing include Strategic risk,
'materiality' inherent in the outsourced functions.
Reputation risk, Operational risk, Compliance risk,
Whether an outsourcing arrangement is 'material' to the
Legal risk, Counter party risk, Country risk, Contractual
business context or not is a qualitative judgment and may
risk, Access risk, Concentration and Systemic risk, and
be determined on the basis of criticality of service,
Exit strategy risk.
process, or technology to the overall business objectives.
Failure of a service provider in providing a specified
As per RBI guidelines, outsourcing of non-financial
service, a breach in security/confidentiality, or non-
processes, such as technology operations, is 'material'
compliance with legal and regulatory requirements
and if disrupted has the potential to significantly impact
among others may lead to reputation/financial losses
business operations, reputation and stability of the
for the bank and may also result in systemic risks
bank. Hence, all IT outsourcing is material outsourcing.
within the banking system in the country.
All IT outsourcing is material outsourcing. Pervasive use of technology in banking operations
further amplifies the risk impact.