In the midst of worrying about cybersecurity threats from viruses and hackers, it’s easy to
overlook security risks from the way you manage vendors and contracts. You
think, “Hey, I’m paying legitimate businesses to oversee my IT needs—and I’ve
got a contract with them. What’s the worry?”
plenty of worry, actually—especially if you haven’t evaluated your vendors or
vendor management process in a while. Here are some tips and best practices to
help you shore up this overlooked security risk.
It’s good to collect and centralize as much information about your vendors as you can. Make
sure you’re clear on:
performing a simple inventory may surprise you. For example, you may find that
a vendor is wildly unpredictable in their monthly billing or that a certain
vendor hasn’t been living up to a support agreement.
seem like an obvious best practice but many aspects of contract review are
often neglected in organizations. A contract should clearly spell out:
haven’t reviewed existing contracts in a long time, then take time to go
through them. Look for gaps between what the contract says and the services
you’re receiving. From this point forward, make sure that, in addition to your city
attorney, a business stakeholder and an experienced technology
professional evaluate all new vendor contracts.
reviewing your contracts, you may notice some anomalies. Perhaps you’re getting
way overcharged for a service. Maybe one vendor hasn’t upgraded their software
or service model for many years. If you have doubts about any particular
service, then shop around. You may just find that a cheaper and/or higher
quality service exists that would benefit your city. If you still want to keep
a vendor, then you may be able to leverage market knowledge to renegotiate your
pricing or get the vendor to provide more services.
We wrote a post about IT procurement a few years ago that covers the following best practices:
RFP or RFI process, follow a series of steps that help you select the best
vendor. Business stakeholders and IT professionals need to work together to
evaluate all aspects of a vendor for financial stability, the ability to
deliver quality services, the relevancy of the solution, and pricing. Bad
vendors will lead to possible security risks.
are vetted, paid, and serving you, you need a third party with a deep knowledge
of information technology to oversee vendors. Busy, non-technical city staff
can easily overlook issues with vendors such as security concerns, performance
problems, and adherence to a contract. And even the best technology vendors
often have difficulty communicating with non-technical staff about major issues. IT
professionals will be able to communicate with vendors more efficiently while
also warding off major problems and security risks.
these steps, you will make a lot of progress toward eliminating security risks
related to vendors and their contracts. Going through these steps is also a
great exercise in transparency, finding potential cost savings, and ensuring
higher quality services at your city.
Questions about managing your technology vendors? Reach out to us today.
© 2009-2017 Mimsware Corporation, all rights reserved. Sophicity®, “We put the IT in City”, and the Sophicity logo are registered trademarks of Mimsware Corporation d/b/a Sophicity.