Enhancing and Sustaining Business Agility through Effective Vendor Resiliency

Similar documents
CIO Priorities: Striking the Right Balance Between Growth and Efficiency

What if one healthcare IT company is stronger than two?

ICD-10 Advantages Require Advanced Analytics

Solution Overview. Transform your life and annuities business

Cognizant Solution Overview. Solution Overview. Cognizant and Measure Partner to Deliver a Dramatic Business Impact for Insurers Using Drones

Breaking Tradition in ICD-10 Testing

>ModelEye Solution Overview

Cognizant Digital Media Services: One partner for all your content needs

Solution Overview. Cognizant Delivers Submission as a Service for Commercial New Business Submission Intake Process

Diagramming Change to Better Inform Business Process Renovation

Value Stream Services

Strategic Cost Optimization: Driving Business Innovation While Reducing IT Costs

Making Life Easier for Investigators: A Shared Solution for Smarter, Faster Clinical Trials

Offering Overview. Change Adoption

Integrated Mobility QA: A Strategic Business Enabler for Enhancing End-user Experience Across Digital Channels

How to pivot your silo-based manufacturing operations to a more integrated framework capable of dealing with new requirements for mass customization.

Transformation to World Leading Quality: Is Your Organization Ready?

Front-to-back Architectural Re-design for a Global Universal bank

Reimagining content value to deliver personalized experiences and drive growth.

GSE Loan Delivery: Interim Analysis and Approach

Transformation Enablement

Retail Analytics: Game Changer for Customer Loyalty

Digital Engineering: Top 5 Imperatives for Communications, Media and Technology Companies

Transform your life and annuities business to reduce expenses and promote business growth.

Content as a Service

Using Predictive Analytics to Optimize Asset Maintenance in the Utilities Industry

Greenfield Application Solution

CONNECTED PRODUCTS OVERVIEW. Connected Products

Speeding Human- Centered Technology to Market

Improving Clinical Trial Patient Retention Using Cognizant s HealthActivate Patient Engagement Solution

Minimize Returns, Maximize Recovery: Reverse Logistics Made Easy and Simple

Offering Overview. Managed Innovation

Unlocking the Value in Warranty Management

A Strategic Approach to CMO Serialization Compliance

A Next-Generation Approach to Integrated Warranty Management

Government Solutions for Today s Healthcare Challenges

Digital Game-Changers for the Communication Service Provider Industry

Solution Overview Connected Places

Digital Field Services Improves Performance & Up-Time

How DevOps Drives Real-Time Business Growth

Coordinating Security Response and Crisis Management Planning

Transforming the Business Through Large-scale Product Implementation

Shaping a Three-Layered Intended Strategy to Realize Benefits for Life Sciences R&D Site Closures

Output- and Outcome- Based Service Delivery and Commercial Models

Corporate Overview. Helping clients win with digital at scale and speed

Multi-Country Core Banking Implementation: Challenges and Solutions

HIX 2.0: New Alternatives for State Participation in Health Insurance Exchanges

Future of Work Enabler: Flexible Service Delivery

Data Management in the Footwear Industry

DUCK CREEK POLICY UPGRADE FACTORY. Cognizant s Duck Creek Policy Upgrade Factory helps insurers transition to the latest version of Duck Creek Policy.

BACK-OFFICE TRANSFORMATION OF A GLOBAL INVESTMENT BANK

Synergizing Master Data Management and Big Data

Reducing IT Complexity to Accelerate Digital Business

COMPETE IN THE DIGITAL ECONOMY WITH APPLICATION MODERNIZATION FROM COGNIZANT

Outcome-Focused IT Delivery: The Next Step in the Continuous Improvement Journey

FUJITSU Transformational Application Managed Services

Cognizant BigFrame Fast, Secure Legacy Migration

Lifecycle Stage Assessment: A Framework for Improving Adoption of Web Self-Service

CASS Governance Implementation for a Global Universal Bank

Architecting an Enterprise Content Management Strategy: A Four-Pillar Approach

Beyond the Cloud: Reaching for Stratospheric Heights of Accelerated Business

Asset Finance & Leasing: Navigating the Pivot to Digital

Demystifying Engineering Analytics

Enterprise Asset Maintenance Optimization

At the Heart of Connected Manufacturing

Application Migration to the Cloud C L O U D A N A L Y T I C S D I G I T A L S E C U R I T Y

Global Headquarters: 5 Speen Street Framingham, MA USA P F

How a Global Manufacturer Successfully Enhanced its Pricing Structure in Four Critical Steps

Cognizant Digital Engineering: Accelerate Application Transformation for the Cloud

RSA ARCHER IT & SECURITY RISK MANAGEMENT

Development Office (India) Corporate Headquarters. FLAT NO 202,KKR Square, Plot# 5, Kavuri Hills, Jubliee Post HYDERABAD , Telangana.

IBM Service Management Buyer s guide: purchasing criteria. Choose a service management solution that integrates business and IT innovation.

Manufacturing Success

An Integrated Approach to Application Portfolio Rationalization

At the Heart of Managing Customer Expectations

COMPLIANCE TRUMPS RISK

Data Integration for the Real-Time Enterprise

Managing Automotive Export Sales Planning and Order Fulfillment in a Volatile, Uncertain, Complex and Ambiguous World

See the world. differently. Embrace change and profit from marketplace uncertainty

Cognizant and Duck Creek Helping P&C insurers accelerate business transformation

Intelligent Automation Opportunities in the Federal Government

How Agile Application Portfolio Rationalization Delivers Digital Success

The velocity of change

Preparing your organization for a Human Resource Outsourcing implementation

Managing the move to SMI How EY helps clients get the most from a multisourced environment Service management integration (SMI)

Integrated Business Planning. Key insights and your way to start

Accenture and Salesforce. Delivering enterprise cloud solutions that help accelerate business value and enable high performance

The credit card industry: navigating an evolving environment. EY Advisory Services

PARTNER SOLUTION BRIEF

A Framework for Digital Business Transformation

ENABLING FRONT OFFICE TRANSFORMATION

The Future of Workload Automation in the Application Economy

A New Approach to Application Portfolio Assessment for New-Age Business- Technology Requirements

The Role of the VMO in Regulatory Compliance Planning, Due Diligence and Contract Negotiation

BIM. the way we see it. Staying Informed. A BI Service Center is vital for delivering your overall Information Strategy

ORACLE CX REFERENCE ARCHITECTURE FOR COMMUNICATIONS

B2B Integration Managed Services Provider Profiles: Axway

FUJITSU Transformational Application Managed Services

Expand your automation horizon and your returns with Cognizant s comprehensive intelligent automation solutions

How Performance Management Maturity Drives Business Agility and Innovation

Transcription:

Cognizant 20-20 Insights Enhancing and Sustaining Business Agility through Effective Vendor Resiliency Extracting continuous value from third-party vendors means methodically assessing their ability to remain best-of-breed amid ongoing technological change and ever-elevating customer expectations. Following our three guiding principles and proven framework can help. Executive Summary The ever-growing competitiveness across mature industries from financial services to consumer products is causing rapidly diminishing margins of error. Customers expect, even demand, always-on products and services. To deliver on these expectations, organizations are increasingly including products and services from a growing list of vendor partners to extend the robustness and reliability of their end-to-end business capabilities. For their part, third-party vendors are growing in maturity and sophistication, and rapidly becoming an integral and substantial part of the overall business and IT landscape for many companies. We recently partnered with a global financial services firm to strengthen its vendor risk management capabilities. This client partners with strategic vendors that offer industry-leading solutions to support business-critical functions, such as credit and risk management. Like other companies in these increasingly common situations, our client shared an evergrowing portion of its business and operational risk with its vendor partners, as any outage or disruption in the vendor products could result in a significant financial, operational and reputational impact. For example, our client experiences a potential financial loss of several million dollars for every hour the credit-rating vendor product is down because such a disruption causes several business functions and operations to come to a standstill. We characterize such vulnerabilities as vendor resiliency risk. Our experience shows that companies are slowly but surely improving select parts of the vendor risk equation in areas such as sourced IT application development and support. However, we see big gaps in companies managing risk across vendor partners that provide critical valueadded products and services, such as real-time business-to-business (B2B) data or specialized services. Consequently, we are seeing strong interest among companies seeking a formal vendor resiliency program to rigorously assess and mitigate financial, operational and reputational risk. We partner with these clients, focusing on two key areas: Internal process maturity to understand and measure key resiliency risk. This includes objective tools and frameworks, as well as a set cognizant 20-20 insights april 2014

of service level agreements (SLAs) that cover vendor adherence, emphasizing strong vendor performance-tracking capabilities. The ability to assess critical process and technology vulnerabilities within vendor products and address shortcomings with focused performance improvement plans. We have defined three guiding principles for companies to strengthen vendor resiliency: 1. Assume full accountability for end-to-end resiliency within products and services, including capabilities enabled through vendor products. Customers and regulators are increasingly holding companies accountable for the full range of their products and services (including support of vendor products). Companies need to build strong capabilities to assess and mitigate risk across all vendor products. Prioritizing vendor products can help companies manage risk more effectively by optimizing available resources and increasing focus on critical products. 2. Ensure a well-coordinated and comprehensive approach to manage vendor product resiliency. Various groups across business, technology, operations, procurement and vendor management functions need to coordinate their efforts to effectively mitigate resiliency risks. Additionally, companies need to adopt a comprehensive approach, going beyond the standard availability and business continuity planning (BCP) attributes of vendor products. Companies need to look internally, as well as focus on additional aspects of their vendors capabilities, such as technology and process capabilities (i.e., change and incident management). They then should adjust SLAs, contracts and performance monitoring, accordingly. 3. Ensure a sustainable focus on vendor resiliency, adjusting to a continuously evolving vendor landscape. To remain agile in times of change, companies should utilize objective and flexible frameworks and tools that are manageable and able to handle a wide array of vendor products. Additionally, we recommend a set of core and actionable success factors for vendor resiliency initiatives. These include ensuring leadership commitment to vendor resiliency, concentrating on objectivity, adjusting SLAs and implementing quick-win opportunities, such as strong communication models with vendors and coordinated execution of BCP testing. In the case of the aforementioned financial services firm, we helped the company establish strong internal processes to manage vendor performance, along with a scorecard-based resiliency improvement program for critical vendor products. These resiliency measures will result in a swift drop in outages that should reduce the financial impact of downtime by 40% to 50% (see sidebar, page 7). In the sections that follow, we describe vendor resiliency and the three guiding principles in greater detail. We also outline a robust framework that can help drive any organization s resiliency program, both internally and with vendor partners. From there, we propose a set of key recommendations that companies across industries can start to act upon. Defining Vendor Resiliency We define vendor resiliency as a set of core process and technology capabilities related to vendor products and services that ensure seamless integration, optimal and sustainable performance, and highly available always-on operations. Highly resilient vendor products/ services demonstrate: Optimal integration with the organization s value chain. Maximum change coordination with organizations. Robust technology and architecture composition. Strong incident management capabilities, with the ability to swiftly address challenges. A robust backup or disaster recovery infrastructure with seamless switch-over capabilities, along with sound business continuity plans and testing. Vendor Resiliency Programs Organizations with a heavy reliance on third-party partners are increasingly establishing dedicated vendor resiliency programs. Such programs are intended to ensure minimal business disruption resulting from outages due to vendor product failure, both in terms of frequency and impact. Effective vendor resiliency programs are structured, well-defined and focused on sustainability. Well-designed programs include the following: cognizant 20-20 insights 2

A proactive, ongoing and disciplined review of technology/architecture capabilities, operational readiness, BCP and readiness testing, and alternative sourcing where necessary and feasible. A focus on a disciplined assessment of process maturity in key areas such as performance monitoring, change coordination, incident management and contract management. An objective methodology, heavily reliant on measurable and well-defined metrics and corresponding SLAs that align well with the company s business goals. Key Drivers Several trends are converging to elevate vendor resiliency to a level that is on par with the most strategic focus areas within many organizations. These include: Growing reliance on vendors as part of the core value chain. Vendors are becoming extremely sophisticated, serving multiple leading organizations across industries. These vendors are then able to leverage their experience across these organizations to continually enhance their products and services. Vendors are rapidly transitioning from supporting organizations in noncore areas to playing critical roles within their core value chain. (For more on this topic, read The Fluid Core: How Technology is Creating a New Hierarchy of Need and How Smart Companies Are Responding. ) Customer demand for high availability and reliability. Several factors, including 24x7 business cycles across industries, increased globalization and growing reliability across all products and services, are transforming customer expectations for always-on applications with close to 100% availability. Regulatory requirements for organizations to take full ownership of their solutions, including enabling solutions from vendors. Regulators such as the Consumer Financial Protection Bureau (CFPB) and Office of the Comptroller of the Currency (OCC) within the financial services industry are increasing mandates for organizations to take full accountability for their end-to-end services, including vendor oversight. 1 Increased risk from new types of threats, coupled with growing impact and frequency. Companies across industries face greater and more sophisticated threats, ranging from information security and data breaches, to cards and payments threats, to threats targeting vulnerabilities in parts of global supply chains. Relentless focus on cost-effectiveness, faster time to market, customer satisfaction and overall agility. These focus areas are driving companies to evaluate vendor solutions as accelerators and regard vendor resiliency as a strategic focus area. Guiding Principles for Enhancing Vendor Resiliency As these trends demonstrate, organizations need to establish vendor resiliency as a strategic and sustained focus area to meet customer and regulator demands. Increased vendor resiliency will enable organizations to accelerate their reliance on vendor partners, while addressing sophisticated and pervasive threats, all with a laser focus on cost. In our work with clients that have varying degrees of maturity in this area, we have outlined a set of three guiding principles that organizations can follow as they launch or strengthen their vendor resiliency programs. Guiding Principle #1: Assume full accountability for end-to-end resiliency within products and services, including capabilities enabled through vendor products. With customers and regulators holding companies accountable for their products and services as a whole, organizations need to build strong capabilities to adequately manage end-to-end resiliency. Because vendors are so diverse in terms of the scale and size of customers they serve, their internal process and technology maturity, their financial strength and their people, organizations need to adopt resiliency measures that are firm yet flexible (see Figure 1, next page). Consider any medium- to large-size organization: These companies typically engage 40 to 100 unique vendors with different levels of complexity and maturity, ranging from globally sophisticated vendors to small niche players. Full accountability implies that organizations have extensible capabilities that enable them to effectively cover all types of vendors. To attain cognizant 20-20 insights 3

Adjust Resiliency Assessment Based on Product Criticality 1. Determine vendor product criticality: Business impact of potential outage within vendor product. Regulatory considerations. Data/information security criticality, based on data being transacted. Type of service (synchronous, asynchronous, batch). 2. Adjust depth and frequency of ongoing resiliency assessment/deep-dives: Objective scorecard-based evaluation. Coordinated business continuity planning/ performance testing. Ongoing technology/architecture assessment. Figure 1 this comprehensive level, vendor resiliency needs to be a core and strategic program that is well supported by organizational leadership. Additionally, companies need a structured methodology to evaluate the criticality of vendor products. Companies cannot afford the same level (frequency and depth) of resiliency assessment and follow-through across all vendors. They need to focus more closely on business-critical vendors. From our experience, the criticality among vendor products in a typical medium to large company follows the Pareto principle closely; that is, 20% of these products are critical and pose 80% of the major resiliency risks. As such, the focus needs to be on this 20%. Guiding Principle #2: Ensure a well-coordinated and comprehensive approach for managing vendor product resiliency. In our experience, we see widely distributed vendor management responsibilities across different business, technology, operations, procurement and dedicated vendor management functions. This variance is the result of years of business evolution and changing priorities, and often is a vestige of the past, when vendors focused more on noncore products and services. But as vendors become strategic partners and play at the heart of the core value chain, their distributed focus is increasingly becoming a major hindrance and is exceedingly counterproductive in managing overall vendor resiliency. Companies need to leverage different groups and their capabilities in streamlining cross-functional management of resiliency risks. Another factor is the breadth of objectives that companies need to include. Traditionally, companies have thought of resiliency as focused on system availability and BCP readiness. However, our experience shows that availability is more a reflection of resiliency, and BCP is just one aspect of a structured toolset that addresses resiliency risk. In today s complex environment, resiliency risks across vendor products can be attributed to a range of drivers, each capable of posing financial, operational and reputational risks. These risk drivers include suboptimal vendor management processes, such as change coordination with vendors, incident and post-incident management, ongoing technology and architecture evaluation of vendor products, etc. Similarly, a whole set of technology and architecture risk drivers contribute to resiliency risks. Some of these include the health of the overall technology stack, the disaster recovery infrastructure, switch-over capabilities, etc. Additionally, companies often do not optimally manage their internal vendor management capabilities. Along with a well-coordinated effort, companies need to focus on developing robust and objective frameworks that can serve a wide range of vendor products. Our framework (outlined later in this paper) provides a dual approach, focusing equally on internal capabilities. Guiding Principle #3: Ensure sustainable focus on vendor resiliency, adjusting to a continuously evolving vendor landscape. All major industries are experiencing the transformative forces of disruptive change wrought by new business processes and accelerated adoption cognizant 20-20 insights 4

of social, mobile, analytics and cloud technologies, or the SMAC Stack. Companies and their vendors are responding by rapidly evolving to address customer demands to more quickly transform. As such, a vendor resiliency program must become a strategic focus that is sustained over time. The implications on organizational transformation and sustenance include: The vendor resiliency assessment and associated performance improvement planning need to be objective and fast paced. We work with clients to develop a rich set of objective tools, including a detailed RFI on various process and technology resiliency elements, and an associated resiliency scorecard that highlights key focus areas. The vendor resiliency program needs to be ongoing, while prioritizing critical products. The toolset RFIs and scorecards we build for our clients facilitates a continuous focus by allowing vendors and companies to prioritize incremental change, as well as each change s resiliency implication. Vendor Resiliency Framework and Approach Based on our work with clients across industries and from the transformative changes that we have witnessed in vendors sophistication and their role within the core value chain of companies we have developed a comprehensive and extensible vendor resiliency framework. This framework leverages and aligns with the three guiding principles described above. Overarching Framework Our vendor resiliency framework takes an objective view, providing a clear set of focus areas (e.g., business resiliency, incident and change management, technology and architecture assessment, ongoing governance) and a supporting set of tools and artifacts. The framework offers a holistic approach to resiliency, but to work well, it requires a high level of coordination and engagement among internal stakeholders and vendor partners. A key feature of the framework is its dual-pronged approach, which simultaneously focuses on enhancing internal process maturity, while addressing specific risks of targeted vendor products. Additionally, the framework is dynamic; it evolves through continuous attention to both proactive and reactive aspects of vendor resiliency (see Figure 2). Approach and Methodology We have defined a structured and mature approach for more effectively utilizing our vendor resiliency framework (see Figure 3, next page). Following this approach and methodology will ensure: A high level of engagement from vendors and internal stakeholders. A key feature of the framework is its dualpronged approach, which simultaneously focuses on enhancing internal process maturity, while addressing specific risks of targeted vendor products. Enhanced Vendor Resiliency Vendor Resiliency Focus Areas A Business Resiliency B Incident Management C D E F Change Control & Coordination Technology/Architecture Composition Performance/Service Quality Tracking Ongoing Vendor Management Internal Process Maturity: Vendor Resiliency and Performance Management Stakeholders and stakeholder engagement model. Key processes, such as incident management, change control/coordination, contract management. Technology and architecture assessment and governance. Ongoing vendor performance evaluation and reporting. Vendor Products: Focused Resiliency Assessment Resiliency assessment dimensions, request for information and discussions. Technology and architecture composition. Vendor engagement processes (communication model, change coordination, performance evaluation, etc.). Ongoing vendor resiliency assessment using scorecards. Figure 2 cognizant 20-20 insights 5

Utilizing the Resiliency Framework Vendor Resiliency Assessment Inputs Organizational Inputs Vendor performance management processes (teams, SLAs, reporting, etc.) Otherrelevant processes (incident i nt and change management, contract management, etc.) Resiliency RFI Vendor Inputs Discussions & Workshops Industry Best Practices and Frameworks 1. Performance SLAs and metrics 2. Industry-specific vendor guidelines 3. Industry trends (business and technology) 4. Reference architectures Discussions & Workshops Process Maps Product Documents Performance Reporting Vendor Resiliency Assessment and Target State Recommendations A B C D E F Incident Change Control & Technology/Architecture Performance/Service Management Coordination Composition Quality Tracking Business Resiliency Ongoing Vendor Management Recommendations to enhance internal process maturity Tools and artifacts to enhance process maturity and enable a strong vendor resiliency program Stakeholder Engagement Model (RACI) Resiliency Scorecards Other artifacts Communication model Process catalog SLA & metrics model Governance model Etc. Recommendations to enhance resiliency within specific vendor products Recommended prioritization based on impact and effort Implementation and change management plan Figure 3 Use of industry best practices and guidelines in relevant areas. Heavy reliance on the set of key resiliency dimensions on all aspects of analysis, such as RFI, scorecards, assessment focus areas and performance improvement plans. A strong and successful vendor resiliency program typically pivots around the following goals: 1. Ensure leadership commitment to vendor resiliency; establish a program lead across business, technology, operations, procurement and vendor management functions. Sponsorship from top leadership will help streamline the approach to vendor management and performance tracking across teams. A principal lead accountable for the overall program will help with conflict resolution and consensus-building across teams, institutionalization of the enhanced vendor resiliency measures, and continuous improvement. 2. Strengthen your vendor resiliency program with objectivity. A critical success factor is the level of objectivity within the resiliency assessment and monitoring program. We use flexible and extensible scorecards to help ensure objectivity (see Figure 4, page 8). 3. Increase vendor accountability for resiliency by closely examining and ensuring that vendor performance SLAs align well with business objectives and criticality, and by defining clear implications for SLA nonadherence. We often find that clients have gaps in these areas, such as: > > Lack of adequate SLAs that measure critical metrics. > > SLAs that are very broad and do not reflect business criticality. > > Nonstandard SLAs, which make vendor compliance difficult. > > A lack of clear implications for vendors for SLA non-adherence. We recommend that companies utilize industry standards and institutionalize a core and limited set of SLAs to monitor key aspects of performance, availability, scalability, BCP, etc., and then use these consistently across all vendor products. Additionally, organizations need to carefully cognizant 20-20 insights 6

Quick Take Vendor Resiliency Program Pays Off for a National Mortgage Servicer We recently partnered on a vendor resiliency program with one of the largest retail mortgage servicers in the U.S., a subsidiary of a large multinational bank. We started by focusing on a small set of vendor products but soon discovered that significant opportunities existed within the client s internal processes and capabilities. Business Challenge Our client acts as a principal gateway organization, responsible for integrating 80 B2B vendors that provide real-time information-centric products (such as credit rating and fraud monitoring) to the parent company s core retail mortgage servicing platform. The client is experiencing a significant increase in business and transaction volume and, hence, has been relying more heavily on its vendor partners. Consequently, the client wanted a structured approach and capabilities to assess and mitigate resiliency risks within these vendor products. An immediate goal was to address/reduce recent spikes in outages within critical vendor services, which were impacting business functions on the order of several million dollars for every hour of downtime. Solution As discussed within our proposed framework, we approached this resiliency project in two parts: Part 1: We partnered with different client teams and stakeholders on a comprehensive internal maturity assessment of key vendor performance management processes and capabilities. We engaged stakeholders across different business, technology, operations, procurement and vendor management areas to develop a current-state understanding. Additionally, we analyzed key processes such as incident and change management, performance tracking, SLA and contract management, along with their ongoing governance. We also analyzed existing vendor performance metrics, SLAs and reporting and utilized an objective scorecard to baseline and highlight gaps and opportunities associated with our client s vendor management processes. Finally, we developed a prioritized set of recommendations to address the identified gaps. Part 2: We engaged the target vendors in a structured and objective resiliency assessment of their specific products utilizing RFIs and informal discussions to assess their processes and capabilities across key dimensions. We also assessed key technology and architecture dimensions, such as technology stack and infrastructure health, performance tracking, BCP readiness, etc. Additionally, we looked at issues and outages associated with the target products and utilized an objective resiliency scorecard to summarize our findings on key resiliency risks and opportunities. Finally, we developed a prioritized set of recommendations to address resiliency gaps across these target products. We highlighted quick-wins such as launching a strong communication model and more frequent execution of coordinated BCP and performance testing. Longer term recommendations included enhancement of performance monitoring, addressing technology and architecture gaps, and strengthening BCP capabilities. Benefits Implementing the recommended resiliency measures will result in a swift reduction in outages associated with these products. In the first 12 to 15 months, we estimate that the client will see a reduced financial impact of 40% to 50% associated with outages within the target products. Given that an outage within just one of the target products has an impact of several million dollars per hour, a reduction in outages across several products will result in substantial financial savings over time. Additionally, the streamlined vendor resiliency processes and capabilities across a dozen teams will result in a reduction of 30% to 40% in aggregated effort through more effective crossfunctional collaboration. With the set of objective tools and measures to run an effective and sustainable vendor resiliency program, the client can now continue expanding strategic partnerships with industry-leading vendors. cognizant 20-20 insights 7

Scorecard for Assessing Vendor Product Resiliency Business Resiliency Vendor financial strengthth Functional scalability Business criticality Technology Capability/Architecture Tech capability/architecture Platform service quality Ongoing evaluation Vendor Inputs Very High Incident Management ent Issue notificationion Problem analysiss and resolution Post issue resolution Performance/Service Quality Tracking Performance measurement and tracking Techn echnology/architecture performance Service quality monitoring Vendor Resiliency Scoring High Moderate Change Control and Coordination Change impact assessment Change coordination Ongoing Governance Dimensions Vendor resiliency governance Performance testing SLA management and adherence Low Figure 4 define objective and adequate implications for SLA non-adherence, usually in terms of financial implications formalized clearly within contracts. 4. Identify and implement quick-win opportunities to expeditiously and significantly enhance vendor resiliency. Some quick-win opportunities include: > > A strong communication model between the company and the vendors. An up-todate communication model across the company and its vendors can drive optimal coordination across scenarios, such as incident management, change coordination, BCP testing and performance testing. > > Regular and coordinated BCP testing. Many of our clients and their vendors have established strong BCP testing plans but fail to execute in a coordinated fashion on a regular schedule. This leads to a lack of readiness and a significant increase in resolution timelines during an outage. Regular coordinated testing can significantly enhance disaster recovery switch-over readiness and minimize the impact of potential outages. Looking Ahead Vendor resiliency is becoming a top agenda item for organizations that increasingly rely on a greater number of vendor partners to play a substantial role across their core value chains. As a result, third-party vendors are becoming more mature and are increasingly providing industryleading products and services that companies across industries rely on for core business functions. Despite their increased reliance on third parties, most companies take a fairly fragmented approach to vendor management, tasking several groups across business, technology, operations, procurement and vendor management functions to play different oversight roles. We strongly believe that vendor resiliency needs to be driven centrally with a formal program and a program lead accountable for optimizing the organization s cross-functional effort for effectively assessing and mitigating resiliency risks. Quick-win opportunities can significantly boost vendor resiliency, such as maintaining an up-to-date communications model, more effectively governing existing BCP test plans, adjusting SLAs to reflect business criticality, and providing hands-on coordination of effort across existing teams. An effective change management initiative can significantly catalyze any organizational transformation associated with vendor resiliency. Finally, vendor resiliency programs need to be sustained as a strategic capability in order to continuously assess and mitigate risks resulting from the ever-evolving nature of business both internally and across vendors. We believe it s imperative for companies to pause, assess and launch or strengthen their vendor resiliency programs in order to leverage compelling products and services offered by increasingly sophisticated vendors and sustain their competitive advantage. cognizant 20-20 insights 8

Footnotes 1 Directives from OCC and CFPB to banks and other financial services organizations to take more accountability for managing risks associated with their vendors. References Risk Management Guidance, Office of the Comptroller of the Currency, http://www.occ.gov/news-issuances/bulletins/2013/bulletin-2013-29.html. CFPB Bulletin, Consumer Financial Protection Bureau, April 13, 2012, http://files.consumerfinance.gov/f/201204_cfpb_bulletin_service-providers.pdf. About the Authors Philippe Dintrans is the Vice President and Global Practice leader within Cognizant Business Consulting s Banking and Financial Services Group. Philippe has led numerous consulting engagements on business transformation, IT transformation and change management for marquee clients at Cognizant. He holds a master s of science degree in engineering from the Massachusetts Institute of Technology (MIT) and an M.B.A. from INSEAD. He can be reached at Philippe.Dintrans@cognizant.com. Amit Anand is a Director with Cognizant Business Consulting s Strategic Services Group. He has 12-plus years of experience in successfully leading and managing large IT transformation and operating model initiatives for various clients. Amit holds a bachelor s degree from the IIT Delhi and an M.B.A. from the Indian School of Business, Hyderabad. He can be reached at Amit.Anand@cognizant.com. Abhishek Roy is a Senior Consulting Manager with Cognizant Business Consulting s Strategic Services Group. He has 15-plus years of experience in leading business-aligned IT strategy, IT performance improvement, business process re-engineering, cost optimization and related large-scale transformation initiatives. Abhi holds an M.B.A. from Ross School of Business at the University of Michigan, Ann Arbor, and a bachelor s degree in engineering from the National Institute of Technology at Jamshedpur, India. He can be reached at Abhishek.Roy3@cognizant.com. About Cognizant Cognizant (NASDAQ: CTSH) is a leading provider of information technology, consulting, and business process outsourcing services, dedicated to helping the world s leading companies build stronger businesses. Headquartered in Teaneck, New Jersey (U.S.), Cognizant combines a passion for client satisfaction, technology innovation, deep industry and business process expertise, and a global, collaborative workforce that embodies the future of work. With over 50 delivery centers worldwide and approximately 171,400 employees as of December 31, 2013, Cognizant is a member of the NASDAQ-100, the S&P 500, the Forbes Global 2000, and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world. Visit us online at www.cognizant.com or follow us on Twitter: Cognizant. World Headquarters 500 Frank W. Burr Blvd. Teaneck, NJ 07666 USA Phone: +1 201 801 0233 Fax: +1 201 801 0243 Toll Free: +1 888 937 3277 Email: inquiry@cognizant.com European Headquarters 1 Kingdom Street Paddington Central London W2 6BD Phone: +44 (0) 20 7297 7600 Fax: +44 (0) 20 7121 0102 Email: infouk@cognizant.com India Operations Headquarters #5/535, Old Mahabalipuram Road Okkiyam Pettai, Thoraipakkam Chennai, 600 096 India Phone: +91 (0) 44 4209 6000 Fax: +91 (0) 44 4209 6060 Email: inquiryindia@cognizant.com Copyright 2014, Cognizant. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the express written permission from Cognizant. The information contained herein is subject to change without notice. All other trademarks mentioned herein are the property of their respective owners.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback