In uncertain economic times, you may feel wary when choosing a technology partner. If that vendor goes belly-up, you don't want to be left out in the cold with technology you can't support or has no upgrade path.
Whether you choose to put all your eggs in one basket or spread out the risk among several partners, there's no one-size-fits-all solution -- it depends on the culture and sophistication of your organization, and the talent you have to drive those decisions. The reality is there's always a risk in any IT deployment that you're not going to reach the finish line for any variety of reasons -- the failure of a vendor is just one possible contributor, said Andy Woyzbun, lead analyst with Info-Tech Research Group.
While there are no guaranteed indicators, there are signs to watch out for, and ways to protect yourself if, in fact, your vendor is suddenly out of the picture.
Include specific criteria in your RFP to help manage risk, such as financial stability, said Yvon Audette, partner and national service line leader for IT advisory services with KPMG Canada LLP. Look at revenues if the vendor is publicly traded. Or look at information about their R&D budget (and what they're planning to spend in coming years) or any pending litigation that may have an effect on future earnings or the viability of that organization.
If you're buying an application from a small boutique vendor and you're worried about its financial viability, put language in the agreement that talks about source code escrow, so if the vendor goes belly-up, you have the ability to gain access to the source code of the commercially developed product. If you're dealing with a large vendor, however, the chances of them providing their source code is unlikely.
When you're partnering with a software-as-a-service vendor, make sure the data is readily available to you in the event that something should happen, said Audette. From a broader outsourcing perspective, if you don't have capabilities to do your own disaster recovery, get into another arrangement for disaster recovery from a different vendor. Or, if you're dealing with the same vendor, be specific about where those services are being delivered from, and make sure there's separation and distance between Data Centre A and Data Centre B.
Sometimes historic financial statements don't tell you much about the current situation, said Woyzbun, so look at whether the company is growing. If their customer base is stagnant, that's not a good sign, because that typically means they're living off old maintenance agreements. But there are no guaranteed indicators of problems, so minimize risk by talking to current customers to see if the vendor is meeting schedules and fulfilling service agreements.
What to watch out for with smaller vendors
"I've been in the business about 30 years now, so I've seen vendors come and go, and I've learned the hard way," said Phil Armstrong, EVP & CIO of Symcor Inc. "I've been stranded with smaller vendors and I've also been trapped with larger vendors."
With small vendors you typically pay a licence fee and a maintenance fee. Always insist on knowing what they're doing with those maintenance fees. Are they pocketing it to cover their costs, or are they reinvesting it back into the product? Also insist on user forums that bring key users together on a regular basis to talk about their experiences in front of the vendor, which can help influence product direction.
"Before I put any software into my environment, I have to ensure it works and meets certain quality bars, so we share our test decks with the vendor ahead of time," said Armstrong. "I'm trying to ensure I get good quality before I start testing."
When you enter into an agreement with a small vendor, include wording about technology supportability. That means if a product becomes unsupportable, you can invoke the technology supportability clause that allows you to take the code out of escrow. That doesn't have to mean the vendor is no longer viable -- it can mean you're not willing to take the technology risk the vendor is putting you under.
For the Canadian Red Cross, key considerations are how long a vendor has been around and how diverse its revenue is. "We look at their references, who they've worked with and how long, even their interaction during the initial RFQ and RFIs," said Almin Surani, CIO of the Canadian Red Cross.
The not-for-profit partnered with smaller vendors on a small program that became more mission-critical, so it looked at options of escrow. "We try to protect ourselves in situations where we're working with small vendors or mom-and-pop shops," he said. "If that becomes an issue, we need to look at whether that's a technology we want to continue with or if we need to move to another platform." If he were to notice deteriorating service, and had provided feedback but the situation wasn't turning around, he'd immediately start shopping around and talking to other CIOs about what they use and what their experience has been.
What to watch out for with larger vendors
When it comes to Tier 1 vendors, that's a whole different kettle of fish, said Armstrong. Now you're talking about sophisticated software organizations that have lawyers on staff, templates for contracts, established SLAs and procedures for delivering software on certain release schedules. Essentially, you're buying a solution and tailoring your business to that solution.
"My preference is to deal with larger, more financially stable organizations," said Rob Zelinka, director of IT with TTX Co., who makes the decisions on vendor selection and has a preference for dealing with HP and Cisco. "We're a small organization so there's no need to manage multiple vendors, nor is there a need to spend an inordinate amount of time weighing the pros and cons of each vendor." For mission-critical applications, he's less likely to take risks on small boutique vendors.
But, even with larger vendors, there are no guarantees. "You're seeing large stable reliable vendors being acquired by much larger stable reliable vendors and forming partnerships," said Zelinka. His company, for example, had selected Data Domain Inc. to do backups of its corporate data, and Data Domain was recently acquired by EMC Corp. "Fortunately we're an EMC customer," he said. "Let's say we weren't. Then, we just basically bought into a product that has no long-term viability. And that can be costly and painful."
What to do if your vendor partner goes belly-up
Buy from vendors that are growing as opposed to vendors that appear to be in decline, and talk to current customers going through the same process you intend to go through, said Woyzbun. Be prepared for the fact you may not get to the finish line for any number of reasons, one of which is business failure.
As part of the due diligence process, identify firms or consultants who have expertise in that particular technology so you have a backup plan if your vendor goes belly-up. "Know who these people are so you can achieve a certain degree of support," he said. "It's not the same thing as an upgrade path, but at least if it works you can continue to handhold it through its remaining lifetime." While the code may be held in escrow, if you're one-third of the way through a deployment process, are you going to be prepared to deploy that software through some unknown third-party?
But don't panic, said Zelinka. Support will always be available. When an organization goes out of business, other organizations are created to fill in the gaps, and you might be pleasantly surprised that the support you're receiving from a third-party player is better than the support you were receiving from the vendor.
For mergers and acquisitions, determine what course of action needs to be taken: Are you toward the end of your refresh cycle or did you just buy this product two months ago? If it's the latter, you need to sit down with your vendor and try to get some form of the truth as to what this means for you, and that's not an easy proposition, because they may not know.
But you want an idea of how they're planning to evolve the product line (or not), and whether it will be around 10 years from now, said Audette. And ask for that in writing. But, whether you're faced with a business failure or an acquisition, know your resumption plan: How can you get the business back online without having that vendor involved? If you're able to answer that, then you're already one step ahead.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.