Overview of Supplier Management Practice and SIAM in ITIL 4

The Relevance of Supplier Management in Today’s Digital Environment

In today’s digital environment, regardless of where you work and the customers you support, we as service providers do not have all of the knowledge and capabilities to do everything ourselves. We have to work with external entities; and in cases of bi-modal or “dual pace” IT, part of the digital business is outsourced while traditional IT remains in-house. Either way, these external relationships can take a ton of coordination to ensure that everything runs smoothly and that technology-focused products and services are delivered seamlessly to our customers and users (In fact, we have one customer where their IT department works with more than 14,000 suppliers – no small feat!). To make matters worse, if and/or when our suppliers fail us, our customers turn to us and hold us accountable. As such, it’s important to get all of these moving parts right.

That’s where the Supplier Management practice guide – and a bit of the Create, Deliver, and Support (CDS) publication – can provide guidance and ensure that working with suppliers goes as smoothly as possible (more on SLAs and the Service Level Management practice guide here). This blog article will discuss the purpose and scope of Supplier Management, key areas of focus when working with suppliers, when to put Agile contracts in place, ways to measure whether our Supplier Management practice is effective, changes to the Supplier Management practice between ITIL v3 and ITIL 4 (for those of you that are familiar with ITIL v3), different Service Integration and Management (SIAM) models, along with additional resources to learn more.

The Purpose of the Supplier Management Practice in ITIL 4

Let’s start with an overview of what Supplier Management involves:

The Supplier Management practice goes beyond just saying that we need to determine how and when we’re going to work with suppliers. It also makes sure we think about both current and future needs, put good contracts and SLAs in place where possible, and make sure that our suppliers are performing in a way that’s aligned with what they’ve committed to do for us. (There are, however, times when we don’t have a say in the SLAs from our suppliers. In those situations, we have to determine whether we’re ok with the risk that we’re taking on.) The Suppler Management practice also states that we should be working in partnership with our suppliers to, for example, uncover new and innovative ideas, find improvements, save costs, and decrease overall risks.

An Overview of Partners, Suppliers, and Vendors in ITIL 4

There can be a lot of overlap between who we consider to be a partner, a supplier, or a vendor, defined here in the Create, Deliver, and Support (CDS) publication:

• Partner: an organization that provides products and services to consumers and works closely with its consumers to achieve common goals and objectives.
• Supplier: an organization that provides products and services to consumers but does not have goals or objectives in common with its consumers.
• Vendor: a generic term for any organization that sells a product or service to a customer.

From our perspective as a consumer of products and services, vendors can be partners, suppliers, a combination of the two, or neither. In fact, the CDS publication has an entire chapter on working with partners, suppliers, and vendors, and the differences between each (see section 5.2 on Commercial and Sourcing Considerations). The main takeaway, however, is that we must make sure we have a good plan in place for selecting, managing, and fostering these relationships and getting what we need from each one. To keep things simple in this article, we’re going to use the term “suppliers” throughout.

“Make” versus “Buy” and Using MoSCoW to Define Requirements

The CDS book discusses some good considerations to take into account when deciding whether to “make” or “buy” something from a supplier, and provides suggestions on giving requirements to suppliers, such as defining them using the MoSCoW principle (categorizing requirements as must-have, should-have, could-have, or won’t-have, as pictured below). This technique can be helpful when creating a prioritized list of requirements for our suppliers (see also the Agile Contracts section below).

The Scope of the Supplier Management Practice in ITIL 4

Let’s talk a bit about what’s covered within the scope of Supplier Management. The practice focuses on three key aspects, which will be further defined in the following sections:

1. Evaluating, selecting, and onboarding suppliers, and maintaining their information in a Supplier Management Information System (SMIS) – so we can more easily find supplier and contract-related information when we need it

2. Negotiating contracts and ensuring our suppliers adhere to what they’ve committed to, including meeting their contractual obligations and deliverables as well as managing supplier contracts through their lifecycle

3. Measuring, tracking, and reporting on supplier performance and triggering reward or penalty* aspects of a contract, ensuring that we get value for the money we spend with our suppliers

*See some challenges of using this approach below.

Let’s now look at each of these three areas of focus in more detail.

Area of Focus #1 – Effectively Evaluating, Selecting, and Onboarding Suppliers

The first area of focus is around successfully evaluating, selecting, and onboarding new suppliers. We should be intentional about the suppliers that we select (as we are, often, entering into a legally-binding contract), do our “due diligence”, and have some form of a “supplier assessment framework” with selection criteria beyond just price (the cheapest option does not necessarily mean we get the best value – see the description below for the difference between cost and value), so that we can more easily make good decisions on which suppliers to work with in the first place.

Depending on the kind of organization we are and our overall culture, this process – along with contracts themselves – can vary quite a bit in terms of level of formality. If you are unfamiliar with the mechanics of going through an RfX process (RFIs, RFPs, RFQs, etc. – defined in the table below), the Supplier Management practice guide provides a good overview (I have included details on how to access the full practice document below).

The Importance of Culture and Noticing “Red Flags” Early On

An interesting concept that the CDS book mentions, and I have found to be extremely helpful in real life, is to take into account the culture of your own organization as well as that of any you consider working with. If a supplier’s values don’t align with your own organization’s, there is a lot of potential for things to go wrong. Just as with any relationship, there needs to be trust and good communication, particularly when dealing with products, services, or components of those products and services between the two parties. As mentioned above, make sure to do your research and talk with existing and prior customers of any supplier to better understand their reputation in the industry. Pay attention to any “red flags” that you see early on (for example, suppliers that are nonresponsive, cannot provide concrete examples of their work, or make unreasonable requests) as these things typically only get worse with time; and don’t be afraid to walk away from these types of situations before entering into a contract. Doing business in this case will most certainly be more trouble than it’s worth.

The Value of Doing a “Pilot” or Prototype First

One option that I’m seeing more commercial and government customers use is conducting a small “pilot” or “prototype” with a supplier to test out the quality of their work and decrease their overall exposure or risk. For government agencies, this might be through awarding a small project under the Simple Acquisition Threshold and asking suppliers to create a “software prototype” before signing on for a multi-year engagement.

Strategic, Tactical, and Commodity Suppliers

Not all suppliers contribute to our mission in the same way. There are, for example, generic or commodity suppliers that provide basic services and, as such, we won’t spend as much time on this contract or the overall relationship. On the other end of the spectrum are our strategic suppliers, who significantly contribute to our mission; and we will want to spend a lot more time on these contracts and the overall relationship. And, in the middle, we have operational or tactical suppliers where we will spend some of our time. Understanding which suppliers fall into each of these categories will help us better navigate our approach to each contract and relationship (see also the figure from ITIL v3 below).

Sourcing Models

The CDS book also provides details on various types of sourcing models, for example, onshoring, offshoring, and nearshoring, and the challenges seen with each type. Again, the lowest cost is not necessarily the cheapest option over the long term; and there is a lot more complexity to manage in these types of situations, so make sure you go in understanding what you’re signing up for.

Area of Focus #2 – Negotiating Supplier Contracts and Ensuring Compliance

Here, we want to make sure we have effective contracts in place (templates with standard terms and conditions here will help) with our suppliers that details what’s expected from all parties. We want to make sure we have thought through and clearly defined how a supplier’s performance will be measured and tracked (for example, whether and how calls, onsite visits, service review meetings, or audits will be conducted) along with requirements for the product or service, roles and responsibilities, communication expectations, how deliverables will be reviewed and accepted, what requirements suppliers need to adhere to, how and when we report on supplier performance, when and how contracts will be renewed, payment schedules, as well as what happens when suppliers don’t deliver what’s expected, there are disagreements on the work that’s done, or contracts are breached.

Agile Contracts

If we are putting together an Agile contract, which is particularly helpful in situations where a technology solution is complex or innovative, and our needs, requirements, or the environment have the potential to quickly change, we’ll want to be sure to include information around things like: the overall vision and roadmap, the Minimum Viable Product (MVP), an initially prioritized product backlog (MoSCoW can help here), the length of the contract and individual sprints, etc., so that we’re getting products on a regular cadence that are “done” and that we’re inspecting, adapting, and learning along the way. Agile contacts are a good way of limiting our exposure to cost and time overruns (as time and cost are fixed constraints and the scope is flexible), decreasing overall risk, increasing the ability to accommodate changes, and gaining visibility into the products or services being produced. As a result, Agile contacts are being used more frequently in industry, even within government entities like the Department of Defense (fun fact: The DoD recently released an interesting article on how to detect Agile BS). Though not explicitly covered as part of the Supplier Management practice guide (other than a quick mention of Agile development and MVPs in section 3.2.2), here’s some additional information on Agile contracts.

Onboarding Suppliers and the “Supplier Journey Map”

Let’s assume we’ve selected a great supplier. Our next step is to onboard them. Just like we would have standard onboarding and off-boarding procedures for employees, we should have some variation of these procedures for our suppliers (getting set up in internal payment systems, having them complete security training, etc.) to ensure that they have what they need (for example, the necessary resources/access and an understanding of the “bigger picture”) to quickly start working in collaboration with our team to deliver value. Similar to a “customer journey” or an “employee journey”, some organizations have defined, automated, and even made their “supplier journey map” or “partner journey map” available online – pictured below (there are some additional details on supplier journeys in section 3.2.2 of the Supplier Management practice guide).

Partner Journey Map Example

Area of Focus #3 – Measuring, Tracking, and Reporting on Supplier Performance

Once our suppliers are onboarded, that’s where the fun happens, as our suppliers start executing on work. We want to make sure they’re delivering on what they’ve committed to; and particularly with key suppliers, that we’re building a strong relationship so that we can more effectively work together to do great things on behalf of our customers.

The Supplier Management practice guide mentions “triggering reward or penalty aspects of a contract”, and a lot of organizations put a focus on triggering penalties, especially within the federal government. However, it’s important not to spend more time and money trying to “ding” a vendor than what it’s worth and, in doing so, run the risk of severely damaging the relationship. Sharing arrangements where both parties “win” based on performance can be a much more beneficial approach.

Practice Success Factors for Supplier Management in ITIL 4

There are three key practice success factors (PSFs) that help us ensure the Supplier Management practice is working well:

• Our sourcing strategy and guidelines supports our organization’s overall strategy
• Our relationships with our suppliers are well-managed and aligned with internal and external regulations
• We successfully integrate third-party services into our organization’s products and services

SIAM and the Supplier Management Practice in ITIL 4

Another concept that is alluded to as part of the Supplier Management practice guide, but not specifically called out (though it is covered a bit more in CDS) is that of SIAM, which stands for Service Integration and Management – also referred to as multi-sourcing integration. SIAM is an approach that organizations can use to manage and control multi-sourced services by sharing best practices (with peer-to-peer process forums, working groups, etc.) and methods across service providers and instituting what’s called a “Service Integrator” layer­ (see figure below). In fact, there’s an entire SIAM body of knowledge and certification that goes along with the body of knowledge.

Simple view of a SIAM ecosystem (source: SIAM Body of Knowledge)

Different Kinds of SIAM Models in CDS

In addition to the model shown above, the CDS book discusses three other types of SIAM models. They are as follows:

1. Retained service integration – the internal organization manages all vendors and coordinates the SIAM function itself

2. Single provider – a vendor provides all services as well as the SIAM function.

3. Service guardian – a vendor provides the SIAM function, and one or more delivery functions, in addition to managing other vendors.

4. Service integration as a service (aka the “simple view” mentioned above) – a vendor provides the SIAM function and manages all the other suppliers, even though the vendor does not deliver any services to the organization.

The diagram below illustrates the differences between each of the SIAM models below.

How Supplier Management Interfaces with other ITIL Practices in ITIL 4

Supplier Management has some key touch points with these other ITIL 4 practices:

• Relationship management because, at the end of the day, we’re dealing with other humans and want to make sure we build a trusting, collaborative partnership, particularly with those suppliers that are strategically important to our organization.
• Service level management as we will have SLAs by which we manage the performance of our suppliers
• Service financial management as we want to make sure that we’re getting value for what we’re paying for with our suppliers. We also need to be able to account for and have visibility around our spend on services like cloud to make sure we’re being a good steward of our money and not overspending in places where we shouldn’t.
• Risk management as we want to expose ourselves to the least amount of risk when working with suppliers.
• Service configuration management as we need to have a good understanding of the components that suppliers provide in support of a larger product or service.

There are several other ITIL practices mentioned in the Supplier Management practice guide (for example, security management as Privileged Access Management is key for limiting and having visibility around what suppliers have access to), and these practices are covered in section 2.3 of the practice guide.

How Supplier Management in ITIL 4 Differs from ITIL v3

There are some changes to the Supplier Management practice in ITIL 4. For starters, the purpose of the practice has expanded to include developing “closer, more collaborative relationships with suppliers” to uncover new ways of working, leverage emerging technologies, reduce risk, you name it. This is similar in sentiment to the fact that we should be developing closer, more collaborative relationships with our customers and users, thereby, “co-creating value” with the products and services that we deliver.

There is mention of the different kinds of suppliers like we see in ITIL v3 (commodity, operational/tactical, and strategic suppliers as detailed above). However, in ITIL 4, there is much more detail around managing each aspect of the supplier journey, including RFIs and RFPs along and the overall evaluation and selection process.

Where to learn more about Supplier Management

Check out the SIAM Body of Knowledge. It’s not for the faint of heart (as it’s a whopping 238 pages). However, there’s some good information contained throughout. Also, AXELOS’s Supplier Management practice guide has additional details on Supplier Management and is available for free as part of a MyITIL subscription for those that have taken and passed a 2-day ITIL 4 Foundation course and exam. If you don’t currently hold the ITIL 4 Foundation certificate, a 1-year subscription to MyITIL costs $50.

If you hold the ITIL 4 Foundation credential, you have the necessary prerequisites to take any of the advanced ITIL 4 courses that discuss the concepts from this article, namely:

• 3-day ITIL 4 Create Deliver and Support (CDS) course, which include details on insourcing and outsourcing options as well as service relationships.
• 3-day ITIL 4 Drive Stakeholder Value (DSV) course, which includes details on Supplier Management and something called the “service relationship journey”, which includes the relationship and interactions with both our customers and our suppliers.