随着安全攻击的增加和对外部供应商的依赖程度越来越高,健康的 IT 供应链成为一项要求。
一目了然
- IT 供应链庞大且动态,因此领导者需要深入并负责。
- 盘点系统、供应商及其合同对于保持供应链清洁至关重要。
- 修复不守规矩的供应链需要时间和资源,但好处大于麻烦。
疫情让我们有时间反思食品和商品供应链的重要性,但供应链有多种形式。
IT 部门也拥有供应链。它是 IT 部门与之开展业务并依赖的硬件、软件、应用程序和云供应商的生态系统。IT 部门对自己的供应链管理得如何,IT 部门应该解决哪些供应链“漏洞”?
一、IT 供应链和供应商管理
我第一次考虑 IT 供应商管理是作为一名新晋的 IT 经理。 数字化转型网www.szhzxw.cn
我问过我们本来应该拥有的销售系统。它从未被使用过,放在后面房间的架子上。销售人员不记得了。我的 IT 人员也没有。我们在密室“春季大扫除”演习中发现了它,该演习旨在清除 IT 的碎片。
当我看到我们发现的软件包时,它困扰着我。事实上,我们不是在开发一个完全符合这个功能的系统吗?我们能不能只使用这个包来节省开发团队的时间?我与其他首席信息官分享了这个故事,并引起了共鸣。每个人都可以叙述类似的情况。从那时起,我开始考虑供应商和 IT 供应链管理。
二、究竟什么是 IT 供应链管理?
IT 使用的硬件、软件、培训、网络、工具、咨询等都是 IT 使用的技术供应链的一部分。据估计,平均每家公司使用 12 个不同的核心系统。
这还不包括培训或咨询等 IT 服务,也没有考虑云服务、网络、电信、HVAC 系统、系统实用程序和硬件等关键要素。综上所述,普通公司拥有庞大而多样的 IT 生态系统。很容易看出,即使 IT 部门不断为它们支付许可费,这个生态系统的各个部分也会丢失、未使用或优化不佳。这就是预算流失的地方——因为你正在为产品和服务投入资金,而你没有充分利用这些产品和服务。
你怎么能改变这一点?
三、盘点您的供应链并找出漏洞
首先,盘点您正在使用的每个 IT 服务和资产。如果我们没有对我们拥有的 IT 产品和服务进行全面盘点,我们永远不会知道销售软件占据了后面房间的货架空间。在这个过程中,我们发现了根本没有使用的销售软件,也看到了其他几乎没有被利用的硬件、软件和服务。
我们浏览了 IT 供应商的合同,发现有几个完全缺失。在其他情况下,合同已经签署并生效,但当我们查看细则时,没有 SLA,并且有终止合同的规定。在某些情况下,我们已经多年没有与供应商交谈了。
公平地说,在相当多的 IT 供应链领域,我们做得很好,但我们希望做得更好。我们认为,我们可以通过识别供应链漏洞并修复它们来改进。 数字化转型网www.szhzxw.cn
这些供应链漏洞有几种:
- 有些 IT 资产和服务没有被积极使用,但仍在预算范围内。
- 我们的文件中缺少一些供应商合同。在其他情况下,合同缺乏SLA或明确的终止条款。
- 我们遇到了供应商锁定的情况,这限制了我们的敏捷性。
- 在某些情况下,我们没有积极与供应商沟通,也不清楚供应商未来的产品和服务方向是什么,或者他们如何与我们的产品和服务保持一致。
- 我们未来的 IT 需求是我们当前的供应链无法满足的。
- 在某些情况下,我们使用的产品和服务没有达到我们想要的可靠性、安全性或治理水平。
四、采取纠正措施
我以运营、网络、应用程序和数据的负责人开始了这个项目。每个员工都指派了人员收集其所在地区的IT资产信息,并编制了漏洞清单。一旦我们掌握了供应链目标领域的总清单,我们就会作为一个小组开会制定战略。 数字化转型网www.szhzxw.cn
这是我们想出的:
我们希望立即取消或通知供应商合同中任何我们没有使用或几乎没有使用的 IT 资产。这些资产将尽快从预算中移出。我们还评估了这些资产未得到充分利用的原因。是其他软件在做这项工作吗?还是某个特定需求消失了?
我们进行了全面的供应商合同审查。这比我们想象的要困难得多,因为缺少一些合同。我们吞下了我们的骄傲,联系了供应商以获取合同副本。在其他情况下,找到了合同并进行了仔细审查。在一个供应商证明自己不可靠的案例中,我们发现合同是开放式的,没有书面终止条款。我们与律师商议如何终止合同。在其他情况下,供应商的样板合同不包含 SLA 承诺,因此我们做了笔记,以重新审视与供应商签订的这些合同,并在需要时添加 SLA。
我们确定了关键任务供应商,并发现在大多数情况下,我们没有定期与这些供应商会面。我们安排了供应商会议来审查绩效并设定 SLA。 数字化转型网www.szhzxw.cn
风险管理是我们发现的另一个供应链问题。我们探讨了是否有主要供应商让我们“锁定”了他们的解决方案,以及如果有必要,我们很难离开哪里。这些供应商是谁,我们是否需要继续锁定?如果没有,我们应该采取什么步骤?我们的供应链中是否有任何关键任务供应商的风险点?它们是否容易被收购,这会改变服务级别吗?他们是否能够满足我们的安全和治理标准?
最后,还有我们的业务和 IT 的未来。每个供应商的产品或服务路线图是否与我们的战略方向保持一致?我们是否定期与供应商就我们未来的技术需求进行沟通?有没有供应商似乎落后于技术曲线?
五、掌握 IT 供应链的领先地位
在供应链“清理”工作结束时,我们很高兴我们很好地处理了我们的供应商服务和产品。这将使我们能够更有效地运作。我们也下定决心,再也不陷入供应链泥潭了!为了避免这种情况,我们创建了一套持续的供应链管理实践,旨在定期维护我们的供应链。
我们定期与供应商会面,设计“无例外”合同审查作为每个 RFP 流程的一部分,并且不再满足于没有明确规定 SLA 的样板供应商合同。 数字化转型网www.szhzxw.cn
我们还特别强调参加重要的供应商会议并积极参与供应商客户论坛,因为我们相信这将使我们有机会影响供应商的产品和服务方向,以便他们能够更好地与我们自己的产品和服务保持一致。
从头到尾,这个练习消耗了时间和资源,但它成功地吸引了我们的注意力。如今,随着 IT 越来越多地外包到云端,以及来自第三方的 IT 自动化软件和 AI 等新技术成为 IT 中更加不可或缺的关键任务元素,对 IT 供应链的关注变得更加重要。
英文原文:
IT Must Clean Up Its Own Supply Chain
With security attacks up and more reliance on outside vendors, a healthy IT supply chain is a requirement.
At a Glance
- IT supply chain is vast and dynamic, so leaders need to dive in and take charge.
- Taking inventory of systems, vendors and their contracts is crucial to maintain a clean supply chain.
- Fixing an unruly supply chain takes time and resources, but the benefits outweigh the hassle.
IT has a supply chain, too. It is the ecosystem of hardware, software, application and cloud vendors that IT does business with and relies upon. How well is IT managing its own supply chain, and what are the supply chain “holes” that IT should address? 数字化转型网www.szhzxw.cn
The IT Supply Chain and Vendor Management
The first time I thought about IT vendor management was as a newly minted IT manager.
I had asked about a sales system that we supposedly had. It had never been used and was sitting on a shelf in a back room. Sales didn’t recall it. My IT staff didn’t either. We discovered it during a back room “spring cleaning” exercise that we had initiated to get rid of IT’s debris.
When I looked at the software package we found, it bothered me. Weren’t we, in fact, developing a system that did exactly what this one did? Could we have saved our development group time by just using this package? I shared this story with other CIOs and it resonated. Everyone could recount a similar situation. That was when I started thinking about vendor and IT supply chain management.
What Exactly is IT Supply Chain Management?
The hardware, software, training, networks, tools, consulting, etc., that IT uses are all part of a technology supply chain that IT uses. It is estimated that the average company uses 12 different core systems.
This doesn’t account for IT services such as training or consulting It also doesn’t consider key elements such as cloud services, networks, telecommunications, HVAC systems, system utilities and hardware. When you sum these up, the average company has an IT ecosystem that is vast and varied. It’s easy to see how pieces of this ecosystem can get lost, and unused or poorly optimized, even though IT is continually paying license fees for them. This is where budget bleed sets in — because you’re outputting dollars for products and services, that you’re not fully utilizing.
How can you change this? 数字化转型网www.szhzxw.cn
Take Stock of Your Supply Chain and Find the Holes
First, take an inventory of every IT service and asset that you’re using. We never would have known about the sales software occupying shelf space in the back room if we hadn’t conducted a full inventory of the IT products and services we had. In the process, we discovered sales software that wasn’t being used at all, and we saw other hardware, software and services that were barely being utilized.
We went through the IT vendor contracts and found that several were missing altogether. In other cases, contracts were signed and in force, but when we looked at the fine print, there were no SLAs and had provisions for contract termination. In some cases, we hadn’t spoken to vendors for years.
To be fair, there were quite a few IT supply chain areas where we were doing just fine, but we wanted to do better. We felt we could improve by identifying supply chain holes and fixing them.
These supply chain holes came in several varieties:
- There were IT assets and services that weren’t being actively used, but were still in the budget.
- There were some vendor contracts that were missing from our files. In other cases, contracts lacked SLAs or clear termination clauses.
- We had instances of vendor lock-in that limited our agility.
- In some cases, we weren’t actively communicating with vendors, and we weren’t clear on what the vendors’ future product and service directions were or how they aligned with ours.
- We had future IT needs that our current supply chain couldn’t fill.
- In some cases, products and services we were using were not achieving the levels of reliability, security or governance that we wanted.
Take Corrective Action
I started this project with the leads for operations, networks, applications and data. Each assigned staff to collect information on IT assets in their areas, and to compile a list of holes. Once we had the total list of our supply chain target areas, we met as a group to develop a strategy.
This is what we came up with:
We wanted to immediately cancel or serve notice on vendor contracts for any IT assets that we weren’t using, or that were barely used. These assets would be moved off the budget as soon as possible. We also assessed why these assets were being underused. Was some other software doing the job? Or had a particular need gone away? 数字化转型网www.szhzxw.cn
We performed a full supplier contract review. This was more difficult than we thought because some contracts were missing. Swallowing our pride, we contacted vendors for contract copies. In other cases, contracts were located and were carefully reviewed. In one case where a vendor had proven itself to be unreliable, we discovered that the contract was open-ended with no written termination clause. We conferred with an attorney as to how to end the contract. In other cases, the boilerplate contracts of vendors contained no SLA commitments, so we made notes to revisit these contracts with vendors and to add SLAs where needed.
We identified mission-critical vendors, and discovered that in most cases, we hadn’t been meeting regularly with these vendors. We scheduled vendor meetings to review performance and to set SLAs.
Risk management was another supply chain issue that we identified. We explored whether there were major vendors that had us “locked in” to their solution, and where it would be difficult to leave if we had to. Who were these vendors, and did we need to remain locked in? If not, what steps should we take? Were any of our mission-critical suppliers risk points in our supply chain? Were they vulnerable to being acquired, and could this change service levels? Were they able to meet our security and governance standards? 数字化转型网www.szhzxw.cn
Finally, there was the future of our business and our IT. Did each vendor’s product or service roadmap align well with our strategic direction? Were we regularly communicating with vendors about our future technology needs? Were there vendors that seemed to be falling behind the technology curve?
Staying on Top of the IT Supply Chain
At the end of our supply chain “clean up” exercise, we were pleased that we had gained a good handle on our vendor services and products. This would enable us to operate more efficiently. We were also determined to never fall into this supply chain quagmire again! To avoid that, we created a set of ongoing supply chain management practices designed to maintain our supply chain on a regular basis.
We met regularly with vendors, designed a “no exceptions” contract review as part of every RFP process, and no longer settled for boilerplate vendor contracts that didn’t have expressly stated SLAs.
We also made it a point to attend key vendor conferences and to actively participate in vendor client forums, because we believed it would give us an opportunity to influence vendor product and service directions so they could better align with our own. 数字化转型网www.szhzxw.cn
End to end, this exercise consumed time, and resources, but it succeeded in capturing our attention. Attention to IT supply chains is even more relevant today as IT increasingly gets outsourced to the cloud, and as new technologies like IT automation software and AI from third parties provide become even more integral, mission-critical elements of IT.
本文由数字化转型网(www.szhzxw.cn)转载而成,来源于数智化转型网;编辑/翻译:数字化转型网宁檬树。
免责声明: 本网站(http://www.szhzxw.cn/)内容主要来自原创、合作媒体供稿和第三方投稿,凡在本网站出现的信息,均仅供参考。本网站将尽力确保所提供信息的准确性及可靠性,但不保证有关资料的准确性及可靠性,读者在使用前请进一步核实,并对任何自主决定的行为负责。本网站对有关资料所引致的错误、不确或遗漏,概不负任何法律责任。
本网站刊载的所有内容(包括但不仅限文字、图片、LOGO、音频、视频、软件、程序等) 版权归原作者所有。任何单位或个人认为本网站中的内容可能涉嫌侵犯其知识产权或存在不实内容时,请及时通知本站,予以删除。
