What Are Vendor Management Best Practices?
Vendor management (VM) best practices help you extract maximum value from vendor relationships. Use best practices to choose and monitor vendors, continuously improve performance, deliver a higher-quality product or service, and lower risk over the life of your contract.
Vendor management is a complex and emerging business discipline that requires multiple skills of its practitioners, human and financial resources, and executive buy-in. To learn more about VM and its best practices, read “ .”
What Is Good Vendor Management?
Sean-Michael Callahan is a Principal at The NiVACK Group, which provides procurement-focused executive advisory services to help clients drive strategic value. Callahan says, “The objective of vendor management is to fortify company success and overall marketplace performance.”
“Vendor management and its best practices form an intentional process,” Callahan explains. “That process should build and leverage two-way relationships to enhance collaboration, foster innovation, and drive competitive advantage.”
In the past, the primary concern of vendor management or purchasing was simply to keep costs low. Today, vendor management has become a way to create strategic alliances that play a crucial role in an organization’s success or failure. For example, during belt-tightening or recessionary years, such as 2008 and 2020, forward-thinking managers used that time to work with vendors to gain efficiencies, strengthen relationships, and prepare for the coming upturn.
While selling your products and services helps determine one aspect of your achievements, the success of your vendor management practice ultimately comes down to managing relationships. Vendor relationship management (VRM), a subset of vendor management, refers to the soft skills that enable smooth interactions, negotiations, and collaboration between you and those you’ve contracted to provide services and products. Learn more with the “Definitive Guide to Vendor Relationship Management.”
Vendor Management Strategy, Tips, and Best Practices for Every Business
Vendor management strategy and best practices eliminate waste and raise productivity in the purchase of goods and services. A vendor management strategy builds a framework to set policy, establish and monitor KPIs, foster collaboration, and lower risk.
Jon M. Quigley, author and Value Transformation LLC Principal, stresses a vendor management strategy that makes sense for every business: “Set goals. Everything that delivers success derives from your clarity. Gain approval from stakeholders. Then communicate those goals to potential or current vendors.”
Set a Clear Vendor Management Policy
A vendor management policy is a document that informs senior management and company board members about vendor management activities. A comprehensive vendor management policy is the foundation of a robust and strategic vendor management practice.
“An effective VM policy includes elements that drive quality improvements, performance improvement, innovation, collaboration, risk reduction, and vendor diversity,” says NiVACK Group’s Callahan.”These elements lead to cost savings, memorialized inventory and supply management, and cycle time reductions.”
Vendor management policy best practices include the following:
- Form a Purchasing Committee: Members of the committee should include the vendor manager and executives, unit managers, and other key stakeholders. On a regular basis, the committee should discuss policy, review performance, and refocus in response to changing conditions.
- Designate the Responsible Parties: Your policy should include who’s responsible, a general outline of how the department works, and board and senior management oversight standards.
- Write a Formal Document: The vendor management policy is a clear strategic framework that you write as a formal document. Management approves the policy, which should include how you will keep senior management and board members informed.
- Align Your Company’s Purchasing Strategy with Your Overall Strategy: In an ever-more competitive global environment, executives understand the power of procurement. Management expects the purchasing department to reduce costs, as well as foster communication and collaboration, with vendors in order to launch and sustain new product or service innovations.
- Attain the Ideal Number of Vendors: Aim to have the appropriate or optimal number of vendors, given the categories you establish. To arrive at that ideal number, you should consider risk factors, the diversity of your requirements, and market dynamism. Once you make this calculation, your vendors can deliver a competitive advantage.
- Create a Process for Vendor Selection and Review: Set parameters that make sense for your company. Then plan site visits and prepare auditing requirements. For logical and time-saving ways to determine long-term business partnerships, check out this guide to simplified vendor assessment and evaluation.
- Establish Guiding Principles for Risk Assessment: Review financial, legal, and information security risks for any vendor. To verify a vendor, look for independent documentation such as tax records and bank statements. Depending on your company’s size, you might need a risk assessment professional or a risk assessment committee.
- Determine the Metrics You Want to Monitor: Define what you want to monitor using key performance indicators (KPIs). Measurements should include data that you can capture and measure objectively, as well as qualitative observations or additional contextual factors.
Ensure That Vendor Contracts Delineate Responsibilities
A vendor contract is a legal agreement that clarifies your expectations of a vendor. The contract specifies the nature of the product or service, the quantity that the vendor supplies, and the conditions under which the vendor supplies the product or service.
A vendor contract also enables resolution if either party fails to deliver on the agreed-upon terms.
Vendor contract best practices include the following:
- Policy Document Guidelines: Follow vendor management policy guidelines as you develop contracts.
- Scope of Work (SOW) or Service-Level Agreements (SLAs): While the boilerplate policy document you create covers your general parameters, you must include vendor-specific agreements that dig into the details in order to prevent issues down the line. SLAs or SOW documents establish thresholds that the vendor must meet. They also include compliance requirements, performance expectations, and data breach management details, as well as the corresponding penalties.
- Information-Sharing Expectations: To work collaboratively with vendors, you must share information and priorities as part of your agreement. This information should include your vendor strategies, plans, objectives, challenge areas, organizational details, and technology stack. It might also include your organizational structure, as well as your interest in and commitment to the customer. In addition, it might include the vendor’s capabilities and investment areas.
- Payment Terms: The contract should describe the costs of services or products, payment schedules, payees, and late payment penalties.
- Insurance and Liability Requirements: All the U.S. vendors you do business with must prove that they have a minimum of two types of coverage. The first is worker’s compensation insurance, which provides wages and medical benefits to injured employees. The second is liability insurance or third-party insurance, which protects your organization from lawsuit liabilities, as well as the insured vendor if someone sues it for claims that the policy covers.
- Fourth-Party Stipulations: Vendors often subcontract work to other vendors in order to supply products or services. To move forward with confidence, make sure that your third-party vendor identifies any fourth-party subcontractors and monitors that party’s compliance with contractual agreements.
It takes time to generate and negotiate a well-written, comprehensive contract, but the document will save your organization work hours and trouble over the long term.
Use KPIs to Measure and Monitor Vendor Performance
A vendor management KPI or metric is a measurable value that tracks critical areas of vendor performance, capacity, and compliance. When these KPIs focus on strategic sourcing as well as low risk and high value to the buyer, they enable data-driven approaches to managing vendors.
“KPIs can vary by industry because of different governing bodies or standards, or they may shift depending on what stage you are in regarding a particular project. For example, your project may currently be in the production line stage,” observes Value Transformation’s Quigley. “You also need to review KPIs over time to make sure they still match specific deliverable needs and the market. For example, even though you may want to limit costs, you may need to spend more on quality, because of particular conditions.”
KPIs support continuous improvement concerning how a purchasing team uses its vendors, manages its supply chain, and makes adjustments. To reach your company’s goals and objectives, you might shift plans as necessary, based on KPI data.
Vendor management KPI best practices include the following:
- KPI Limits: Measure what’s most important to your business, and emphasize the KPIs that your CEO values.
- Metrics Explanations: Your vendors should know and understand your KPIs and other metrics and work to meet them. By sharing those thresholds, you clarify expectations and offer vendors the right yardsticks to see whether they are underperforming, meeting expectations, or overperforming. You might also want to incentivize your vendors based on performance against KPIs.
- Realistic Expectations: Make sure that you set achievable and realistic deadlines when considering quality, quantity, and schedules. Consult with your vendors or subject matter experts to determine whether or not what you’re asking for is achievable.
- Ongoing Review: Based on reasonable market conditions or revised business goals, KPIs aren’t static. Review them periodically, adjust as necessary, and advise and consult with your vendors as you consider changes.
- Data Tracking with Software: For best results, track KPIs using software. This technology should collect data and indicate corresponding accountability.
Manage Outsourced Service Providers and Outsourcing Risks
Your company faces inherent financial, legal, and data security risks when outsourcing products or services. Mitigate risks and protect your interests by creating clear policies, performing due diligence before you sign contracts, and performing ongoing oversight.
Today, data risk is a widespread concern. Organizations in nearly every industry embrace AI and the cloud, and they place data at the core of their business strategies. Value Transformation’s Quigley offers the following advice: “Risk always exists with any third-party vendor, even if that risk is low. From day one, do whatever you can in your policies, contracts, and ongoing oversight to mitigate those risks.”
Vendor management risk governance best practices include the following:
- Risk Tiering: Identify risk categories, along with their likelihood and business impact. You can also rank the risks associated with individual products and services to determine where you might need more due diligence. Tailor the amount of information you request from a vendor to the level of risk associated with the product or service that this third party is providing. For instance, a cardboard box provider doesn’t need to furnish you with the same amount of information as your IT provider.
- Appropriate Control Levels: Review vendor policies and procedures periodically; it is crucial to update them, focusing particularly on risk mitigation. Keep controls realistic, as well as easy to understand and to follow.
- Financial Risk Management: The insolvency of a critical vendor poses a significant risk to your operations. Manage that risk by requesting and closely examining a vendor’s audited financial statements, tax records, credit rating, and bank statements.
- Legal Risk Management: Legal risks include fraud, poor sustainability practices, new and changing regulations, and intellectual property loss. You should have an in-house legal team or legal consultant who handles compliance, risk management, and legal governance.
- Data Security Risk Management: Data breaches can devastate your business, so make sure to manage data risk; doing so is essential for success. The U.S. Department of Commerce Computer Security Resource Center’s National Institute of Standards and Technology (NIST) offers guidance and a wide range of free publications that cover best practices for every aspect of cybersecurity at any type of organization — industry, government, or academia.
- Reputation Risk Management: Reputational risk is about more than what you and your vendors say to and do for your customers; it’s about how you make them feel. Reputational risk should be an integral part of company strategy and planning efforts. Focus on customer-facing or customer-focused product or service vendors, as these parties pose the highest risk to your reputation and expose you to the most significant potential dangers. Create response and contingency plans in advance with your PR department or agency; it is crucial to be prepared in the event of an incident that puts your company in reputational jeopardy.
- Documentation and Updating: Due diligence is ongoing, and documents turn stale. Depending on the type of business you’re in and the level of risk you carry, you might want to ask your vendors to update their documents annually. A service organization controls (SOC) report helps verify that an organization follows best practices. As an independent third party, a certified public accountant administers the SOC. Even without an SOC, you also want fresh documentation regarding financial information, business continuity plans, disaster recovery plans, policies and procedures, and any compliance documentation relevant to your industry.
- Reliance on Subject Matter Experts (SMEs): When it comes to due diligence analysis, the person you choose to perform a risk review is as significant as the review itself. For example, a Certified Information Security Systems Professional (CISSP) or someone with extensive IT experience can execute an analysis of your security operations center. At the same time, a CPA is the right SME to perform a financial analysis.
If you want to understand how to perform vendor risk due diligence, it’s easier than ever with the “Simplified Guide to Vendor Risk Assessment.”
Foster Vendor Collaboration
Fostering and maintaining close partnerships with your vendors is a cornerstone and best practice of strategic vendor management — it also pays off. Effective procurement saves money and accelerates innovation through business development and R&D.
Vendor collaboration moves the needle for companies that do it well. In 2012, McKinsey & Company conducted a survey of more than 100 large companies in multiple sectors. The survey found the following: Enterprises that regularly collaborated with vendors lowered their operating costs. They also generated higher growth and greater profits than their peers.
Vendor collaboration best practices that result in success include the following:
- Establish Formal Onboarding: Set clear expectations during onboarding. Take advantage of the opportunity to learn more about your new supplier and form a reciprocal relationship with the “Complete Guide to Vendor Onboarding.”
- Create Win-Win Alliances with Key Vendors: Within the ecosystem of possibilities, find the vendors that make the best partners. Use your relationship to address critical corporate agendas, such as innovation, sustainability, and efficiency improvements.
- Trust Building and Flexibility: Partner with your vendors to help you strategize. Take the time to understand your vendor’s business, and create mutually beneficial solutions. Collaboration that results in mutual benefit requires patience, transparency, and trust on both sides.
- Increase Cross-Functionality by Sharing Information Internally: To cultivate the most fruitful vendor management possibilities, make sure that your internal teams and departments share information and maintain an open atmosphere. Once you achieve interdepartmental and vendor collaboration, your vendor management department shifts into a more strategic position.
- Challenge Vendors to Innovate and Excel: When you make the shift to strategic vendor management, you need to move beyond the mere goal of cost savings; doing this almost always makes a vendor resistant and defensive. Challenge your suppliers to innovate and to improve sustainability, quality, and efficiency. Mutual collaboration often results in lower failure rates of overall economies.
Plan for a Clean Exit
No one likes to think about ending a partnership before it even begins, but key vendor relationships are an exception. An exit strategy is an integral part of the vendor lifecycle, so pay close attention to your contract language.
As a best practice, you can avoid a business crisis by having an exit strategy.
Vendor relationships can come to an end for various reasons: A contract concludes, a supplier closes its doors, a vendor raises its prices, or unfortunately, the vendor fails to comply with its agreements. According to data from a 2020 World Commerce and Contracting report, poor contract management costs companies 9 percent of their bottom-line profits. You can prevent that kind of loss with a properly contracted vendor prenup.
Here are best practices to (graciously) end a vendor relationship:
- Include Your Exit Plan in a Collaborative Contract: The week you award a contract is the best time to collaborate with your vendor to document exit provisions, handover processes, and mutual obligations. Stipulate these elements in the contract. You have a greater chance of reaching an agreement while contract negotiations are still competitive. Many businesses use the ISO44001 Collaborative Business Relationship Standard. This standard for agreements and contracts emphasizes outcomes rather than the legal combat of more traditional arrangements. Following this ISO standard, you also include a joint exit strategy.
- Perform a 90-Day Review and Semiannual Updates: Your contract should include an initial three months of due diligence and review. In addition, use a provision that allows you to update your contract every six months. This way, your contract remains relevant — reflecting current working practices, changing conditions, and innovations in the product or service delivery.
- Maintain Clarity at Every Stage until the End of the Contract Lifecycle: In order to limit issues down the line, be sure to maintain standards and completion certifications at every stage of the contract. Also, make sure that your lawyers, technical staff, and contract, procurement, and project managers participate in reviews. The contributions of these key experts ensure that your contract remains meaningful. When you truly collaborate to articulate a joint exit strategy, you maximize the likelihood of preserving an amicable relationship and the ability to work together again in the future.
- Make Sure You Have Valid Grounds: Terminating and exiting a strategic vendor agreement is a significant undertaking with serious financial and operational risks. Don’t pursue it lightly or when emotions are high, because contentious situations are often fixable. Buyers are under a legal obligation to do everything to fix a relationship before termination. In such matters, the court often favors the vendor, requiring the buyer to pay costs. Renegotiating a relationship is usually a less risky course of action.
- Keep Records: Keep accurate records throughout the life of your contract. Include everything from meeting notes to manuals, and ensure that they are centralized, organized, and easy to retrieve. If an issue arises or you wish to terminate, you can quickly locate the information. In order to protect your organization should legal issues arise after the end of a contract, store documents and any communication electronically for 10 years beyond the contract’s duration.
- Provide Your Termination Team with a Checklist: You may find it more difficult to end a crucial vendor relationship than to start one. It often takes a team of internal staff, legal consultants, and others to bring such a relationship to a close. To clarify the process, share a checklist of all necessary actions with your vendor. Here are the stipulations to include: The vendor must return all documentation, data, inventory records, intellectual property rights, and nondisclosure and confidentiality agreements; it must relinquish access to all IT systems and data-sharing platforms; and it must commit to cooperating with new vendors in order to achieve a smooth transition.
Whatever the situation when you end a partnership with a vendor, keep the door open on your way out. After all, at a future point, you might want to resolve your differences, renew the relationship, and work for mutual benefit.
Vendor Management Best Practices for Specific Industries
Many vendor management best practices are universal, such as linking VM to company strategy. However, different industries focus on different best practice issues. For example, the financial services industry must maintain rigorous government compliance to minimize the risk of data breaches.
Bank, Credit Union, and Other Financial Services Best Practices
Financial institutions include banks, trust companies, insurance companies, and brokerages. Best practices prevent the legal, reputational, and financial risks of noncompliant vendors that provide services.
Data breaches are a significant and ongoing concern for financial institutions. ZDNet cites two among many examples in 2020: Experian’s South African branch reported a data breach that impacted 24 million customers; the Chilean bank BancoEstado was forced to close branches due to a ransomware attack. Statista reported in August 2020 that cybercrimes have the highest average annual costs for the U.S. financial services industry.
Jim Pendergast is Senior Vice President of altLINE, a division of The Southern Bank Company. “We're a financial vendor ourselves,” says Pendergast. “Our specialty is alternative lending, factoring, and consulting for organizations across a wide range of industries. I have multiple financial services outsourcing tips to offer from the vendor lens.”
Here are Pendergast’s financial services best practices tips:
- Clarify Your Data Policy: Outline data usage policies and make sure both parties understand them. Data privacy and vendor usage are recurring concerns for these kinds of partnerships. With more and more financial services companies relying on outsourced cloud-based services, your organization needs to redouble its commitment to clear usage and transmission policies. Otherwise, you expose yourself to serious compliance risks, not to mention regulatory repercussions, should either side mismanage data.
- Do the Research on Overseas Outsourcing: When you outsource overseas, things get complicated. Though we live in a globalized world, data regulations still have a long way to go when it comes to international standardization. You have to understand how your vendor operates with data, familiarize yourself with the regulations in the vendor’s country, and know what infrastructure is available to support safe data management.
- Make the Most of the Services You Purchase: Review untapped service opportunities to avoid duplicate operations. Organizations often fail to maximize the services their vendor offers and, as a consequence, frequently perform redundant work. Both issues detract from the potentially high net value of outsourcing, a key cost metric illuminating a partnership’s profitability.
- Use Integrated Vendor Portals: Integrated vendor management portals provide visibility into outsourced versus internal work, revealing gaps or overlap. Fix those and you stand to maximize the efficiency and profitability of outsourcing.
In the financial services industry, vendor management risks are often interconnected. Taking a holistic approach to vendor risk management, including even the possibility of outsourcing all risk to a vetted and trusted third-party risk management firm, might make it easier to manage risks.
Call Center Vendor Management Best Practices
Outsourcing call centers became popular in the 1990s because companies wanted to lower their personnel costs. They still do. The focus of today’s call center vendor management best practices is to keep customer service quality standards high and prices low.
In the last 20 years, call center outsourcing has skyrocketed in the United States and abroad. Some countries, such as India and the Philippines, have built large parts of their economy around the service. A Magellan Solutions 2020 benchmark study reports that there are 1.15 million call center employees worldwide, with a projected 1.8 million by 2022.
Call center selection and ongoing management best practices include the following:
- Guarantee a Good Customer Experience: As competition increases, customer loyalty is essential to any company’s growth and survival. Whether you outsource inside or outside of your country, make sure that you check the references of past and present customers, look at agent turnover rates, determine whether agents are dedicated or shared, and find out whether or not your supplier handles outages and downtime with a solid disaster recovery plan.
- Research Multiple Language Services: Many call centers offer Spanish-speaking options as part of their standard service, but some charge an additional fee. Be sure to verify those costs. If you need multilingual service because you have an international customer base, find out the following: which languages or translation services are available; the experience levels of the agents; and the fees attached to the service.
- Demand Transparency: Reputable call centers offer a transparent pricing structure and are confident that they deliver value for service. A reputable company always has white papers, case studies, and webinars available for your review. They also encourage on-site visits and let you speak with customers about their experience with the call center vendor.
- Set Goals and Track Quality: Share your KPIs as part of your vendor selection, and ask your call center management contact how they intend to meet those metrics. Set up weekly meetings with your vendor to discuss metrics and any challenges that may arise. Make sure that you receive dynamic reports and have access to tools that measure agent performance effectiveness.
- Gauge Engagement: Ask relevant questions as part of your vetting process. Make sure that you have a dedicated manager or team to answer your questions promptly. Verify that the call center is open to customer feedback and is willing to make changes. Determine which channels, portals, and tools the vendor uses for reporting. Hold your vendors accountable for following through with their promises and time commitments.
Optimal customer service is vital to your bottom line because it increases customer loyalty and customer spend. It also generates positive word of mouth about your organization.
HR Vendor Management Best Practices
Human resources (HR) outsourcing is commonly used in the United States and abroad to save money and give in-house HR professionals the ability to focus on strategic efforts. Best practices for HR outsourcing include establishing a strong business case and governance strategy.
The market for HR outsourcing is going strong. Outsourced services include temporary staffing, background checks, drug screening, relocation services, payroll functions, coaching and training, and benefits administration. A 2020 market research study by Reportlinker estimates the global human resources outsourcing (HRO) market at $32.8 billion and the U.S. HRO market at $9.7 billion.
Best practices for managing HR outsourced vendors include the following:
- Make a Strong Business Case: Your organization should document its decision to outsource, including the reason for the move. Quantitative benefits should focus on the money you save (in specific dollar amounts) by outsourcing and not building a full-service, in-house HR department. Quantitative benefits should also focus on your expected return on investment. Qualitative benefits should include metrics such as increased employee job satisfaction and improved response times.
- Create a Formal Strategy: Have a written policy and procedure that has been approved by stakeholders. The document should clearly communicate activities, expectations, and instructions for resolving issues as they occur.
- Meet Potential Vendors Face to Face: Meet vendors in person before you award them a contract. Also, to foster collaboration throughout the contract’s lifecycle, continue to have periodic face-to-face meetings.
- Define Service Criteria: SLAs should cover service quality evaluation metrics. Limit KPIs to a manageable number; identify the most important ones; and review them often. The call center should share data, sending it within agreed-upon time frames. If the vendor doesn’t achieve the KPIs, communicate with them to determine the source of the shortfall, and make a plan to address the issues.
- Track Issues: Maintain a log to track and describe the cause and resolution of any vendor-related issue. Then make sure your vendor shares this information within its organization in order to reset procedures and prevent future issues.
- Check Invoices for Accuracy: Many HR outsourcing contracts have complicated fee structures. Make sure that your HR management and accounting teams review vendor invoices to uncover errors and resolve discrepancies.
Choose a services company that focuses solely on HR. A specialty vendor has advanced policies and technology in place, so you can get faster results.
Overcome Key Challenges for a Successful Offshore Outsourcing Process
Offshore outsourcing occurs when a company abroad provides you with products or services. The intention is to save money. Offshoring also comes with quality, efficiency, management, communication, and leadership challenges that you can overcome with targeted best practices.
Gerard Blokdyk, CEO of The Art of Service and author of more than 50 business management books, including Effective Vendor Management: A Complete Guide (2020 Edition), says successful offshoring and virtually all vendor management is simply about systematically taking control.
“First, define your desired sourcing mix — internal, external, onshore, offshore — based on logical business choices,” says Blokdyk. “Next, define and scope third-party deliverables.”
A globalized environment is what offshoring is all about. Blokdyk says, given that reality, “You must require vendors to provide the details of their sourcing, outsourcing, and offshoring fourth-party arrangements that may impact your operations.” He adds, “Have procedures in place that delineate your acceptance criteria for, approval of, and ongoing monitoring and management of outsourced vendors.”
Here are more best practices to help you address the challenges of offshore outsourcing and minimize their impact:
- Solve Quality Disappointments: Make sure your team and the offshore team sync up through a manager. If quality is lacking, work together to improve onboarding, and assign someone to the quality assurance role. Be clear about expectations, and have more frequent check-ins. Look for the source of the problem and work together to come up with solutions. In addition, let vendor team members know that they should review their deliverables before sending them to your in-house team for a more thorough review.
- Overcome Missed Deadlines: Offshore team members might feel swamped because they are new or trying to meet too many requirements. Be clear about deadlines to avoid disappointments and misunderstandings. You can usually set things right with more effective verbal and written communication.
- Improve Communication: Choose the same collaboration tools for tracking, reporting, and sharing documents in real time; communicating; conducting web conferences, managing projects; making video calls; and instant messaging. Respond clearly, kindly, and openly to suggestions and questions.
- Answer Cultural Challenges: Multicultural awareness or diversity training helps you understand the culture, norms, and customs of your vendor team. Chances are good that members of the offshore team abroad are not fluent in your language. If this is the case, it’s best to use basic vocabulary, get to the point, and avoid metaphors, slang, or jargon.
- Address Time Zone Differences: Set a regular, mutually convenient time for meetings when both teams are present and alert. Your sessions can be quick daily updates or more extended weekly conversations. Just be sure to maintain a consistent schedule.
- Confront High Turnover Rates: If you use offshore staff for IT services, buyer beware. The National Association of Software and Service Companies (NASSCOM) reports that employee turnover rates at overseas vendors often exceed 40 percent. According to NASSCOM, there is a strong correlation between low retention rates at offshore vendors and problems with both the quality of deliverables and the continuity of service. Be sure to ask about turnover rates and determine if salaries are competitive.
Blokdyk also says it’s essential to look ahead: “How do you anticipate the ways in which your needs will change in the next 12 months? How will the mix of onshore and offshore third-party vendors change? Make a plan based on your current data and your current outsourcing results.” Renegotiate your contracts based on data-informed projections.
IT Vendor Management Best Practices
Information technology (IT) vendor management oversees technology procurement and implementation. The goals of IT vendor management are to extract the most value and quality from IT investments, control performance to eliminate customer and internal operation disruptions, and mitigate data and other risks.
“In the IT vendor management process, the questions you want to answer are, ‘Which combination of options meets your organization’s requirements?’ and ‘Which options provide the greatest value or are the most cost effective in terms of a lifecycle?’” Blokdyk recommends. “For example, an SLA is integral to many IT solutions. When a solution does include an SLA, that SLA defines your relationship with the vendor. Incident management process workflow, for instance, holds the vendor responsible for communicating any outages or incidents via tickets, emails, etc. And that vendor must adhere to SLA response times.”
In IT vendor management, risk is an overriding concern. Yet, the Ponemon Institute’s recent Global State of Cybersecurity in Small and Medium-Sized Businesses study found that more than one-third of small and medium-sized businesses don’t have an incident response plan in place for data breaches and cyberattacks. The study also found that this lack of preparedness persisted, even though 60 percent of the study’s participants had experienced a loss or theft of sensitive data in the previous 12 months. This lack of readiness is costly, because it requires a business to scramble to return its systems to normal after an attack.
Therefore, preparedness is an overriding best practice of IT vendor management. “Ensure that any failures on the part of your vendor's systems or processes do not significantly impact your organization’s (or your clients’) business processes or revenue streams,” Blokdyk stresses.
Here are some additional best practices to help you take control of your outsourced IT:
- Set Technical Standards: Document technical standards in a formal document that establishes uniform technical or engineering criteria, practices, methods, and processes. Every team member should have access to the document and refer to it if they have questions before turning problems over to their manager or client-side team members.
- Specify and Maintain Oversight of Compliance Standards: You need to follow regulations — which means your vendors need to follow them too. Here are some of the most prevalent security regulations: the International Organization for Standardization’s (ISO) ISO 9001 and ISO 27001; Control Objectives for Information and Related Technologies (COBIT); Cybersecurity Framework (CSF), Health Insurance Portability and Accountability Act (HIPAA), National Institute of Standards and Technology’s NIST 800-53; Payment Card Industry Security Standard Council (PCI-DSS); California Consumer Privacy Act (CCPA); Shield Act of New York Online Trust Alliance (OTA); and General Data Protection Regulation (GDPR).
- Establish Disaster Recovery and Incident Response Plans: You should have your plans, and so should your vendors. A disaster recovery plan ensures the continuity of business processes after a service disruption. An incident response plan readies you for protecting sensitive data in the event of a security breach.
- Nurture the Relationship: Communicate regularly, educating vendors about your strategy while you learn about theirs. Focus on cultivating long-term benefits such as trust and familiarity. Switching vendors for short-term gains ends up costing money in the long run.
- Meet Evolving Business Requirements, IT Requirements, and Security Needs: As your IT becomes more aligned with your overall strategic initiatives, the technology must be able to evolve rapidly. At the same time, IT must be able to adhere to both changing business requirements and the latest security standards.
As tech continues to dominate in so many business areas, larger organizations have often responded by creating a dedicated IT vendor management office that services the entire company. IT team members for vendor management keep pace with technology changes, control varied and complex contracts at home and abroad, prevent overlaps in tech purchases, and extract value from IT vendor relationships.
Multivendor Management Best Practices and the Power of Vendor Management Systems Technology
Managing multiple vendors is challenging for any business. When you have thousands of vendors — common in healthcare, military, and retail — use vendor management systems software to follow best practices for monitoring operations and supporting profitable relationships.
“If you have a huge number of vendors, you must have a vendor management program in place,” advises NiVACK Group’s Callahan. “Categorize and tier your vendors; memorialize program objectives; have clear performance measurement standards; execute via management-by-objective; and then monitor performance.”
Vendor management systems enable you to put your plan into action, automate the top vendor best practices, and scale them:
- Perform Risk Assessments: Only you know which risks are most meaningful and how to rank them. Using vendor scorecards enables you to segment the variables you deem essential and determine which supplier poses the least risk in vital areas. Learn more with the “Ultimate Guide to Vendor Scorecards.”
- Centralize Sourcing and Collaboration: Vendor management systems use a centralized database to simplify the bidding process, distribute contracts, and improve collaboration.
- Regulate Compliance: Best-in-class vendor management systems use compliance scorecards and rules engines to strengthen compliance protocols.
- Source and Select Vendors: Vendor management systems software helps you identify prospective vendors, assess risks, obtain quotes, and determine which vendors you want to place under contract.
- Perform Onboarding and Compliance Simultaneously: Get new vendors in sync with your organization’s policies and practices while checking every box for state and compliance regulations.
- Paying Vendors: Vendor management systems software gives you immediate access to the billing information you need to complete transactions. Such transactions include billable hour tracking, payments made and due, and tax withholding.
- Evaluate and Analyze Vendor Performance: With vendor management software, you can analyze and track performance based on historical data, new data, and comparisons against your KPIs. Using these capabilities, you can perform quality assessments and note deviations. Once a transaction or task is complete, document how well or how poorly vendors performed, so you can address any failure to meet expectations and identify exemplary or subpar vendors.
Choosing vendor management software systems can be daunting. For ideas and guidance, review “How to Pick the Right Vendor Management Software for Your Company.”
Maximize Your Vendor Management Best Practices with Smartsheet
Empower your people to go above and beyond with a flexible platform designed to match the needs of your team — and adapt as those needs change. The Smartsheet platform makes it easy to plan, capture, manage, and report on work from anywhere, helping your team be more effective and get more done. Report on key metrics and get real-time visibility into work as it happens with roll-up reports, dashboards, and automated workflows built to keep your team connected and informed. When teams have clarity into the work getting done, there’s no telling how much more they can accomplish in the same amount of time. Try Smartsheet for free, today.
Empower your people to go above and beyond with a flexible platform designed to match the needs of your team — and adapt as those needs change.
The Smartsheet platform makes it easy to plan, capture, manage, and report on work from anywhere, helping your team be more effective and get more done. Report on key metrics and get real-time visibility into work as it happens with roll-up reports, dashboards, and automated workflows built to keep your team connected and informed.
When teams have clarity into the work getting done, there’s no telling how much more they can accomplish in the same amount of time. Try Smartsheet for free, today.