Just a quick heads up and congratulations to the team behind ToS;DR – “Terms of Service; Didn’t Read”. We salute your efforts to bring more transparency to the world. [When we wrote our Managed IT contract, we made the lawyer use our plain English phrases. It was very uncomfortable for them, but we won over in the end. It can be done! We can certainly take inspiration from the clarity of this mob’s visualisation though.
Some businesses apply a ‘set and forget’ attitude to IT, as outlined in this recent report on “IT outsourcing mega-deals” from The Age. We don’t operate in the IBM etc space, but that doesn’t make the lessons any less valuable. We generally recommend our clients review their IT Strategy approximately every 3 months. Our agreements are only ever for an initial 12 month term – and that’s just to ensure we can get from where they are to stably operating on our managed IT platform without bailing half way through and causing a whole bunch of complications, not least for them. However, we’ve heard of plenty of providers that lock clients in for 3 or more years on the back of a slick PowerPoint presentation, only to basically go to ground and do the minimal amount of work required not to get sacked. Of course, their contract isn’t renewed, but by then they’ve already laughed all the way to the bank with your money. “Churn and burn” they say. It’s not just unethical, it’s incredibly short-sighted business practice that will ultimately lead to these companies’ demise and some very unhappy customers.
Most of our work comes from clients who have been ‘burned’ by their previous IT provider, sometimes in the manner described above. Some of it comes from a natural growth and evolution in our clients’ businesses that demands a more sophisticated solution than the lone IT guy (or single employee), but most of the time, we have our incompetent competitors to thank for the referral!
In the interests of preventing this from happening to you, here are some tips for managing your IT contract, both up-front and ongoing:
- Define roles, responsibilities and align these with risks. The company most able to reduce the risk should bear the responsibility for it.
- Ensure the proposed service scope matches your expectations. Don’t assume anything. e.g. Some “proactive managed IT” providers don’t actually include any desktop support, others (like us) do. There’s a big cost of provision difference between the two.
- Long contracts can work, but generally things change too much such that they’re worth renegotiating at least yearly. Either stick to yearly contracts with extensions, or insert explicit renegotiations at that point. It sets the expectations that your provider needs to work for their money for a start!
- Be clear about hardware – who buys it and under what approvals and markups. Many IT providers make more money from selling you over-inflated hardware than they do from providing you service. I think this element of the Financial Services industry is immoral (incidentally, there are new disclosure rules about that now – I wonder why!)
- Be clear about supplier choices / “partners” the provider works with – sometimes there’s a good reason (special support relationships, technical excellence), sometimes the reason is just old-fashioned payola (freebees, cashbacks, commissions etc). True supplier independence isn’t necessarily in your interest either – search and transaction costs can be high in this case, but make sure whatever the situation is, it is well explained and in your interests
- Be clear about process expectations – if you expect your outside provider to follow the same purchase approval procedures as an internal employee, you should be prepared to pay (a lot!) for their time in so doing. This can get prohibitively expensive fast, which is why many providers instead opt for the direct supply price-gouging. We operate a different model whereby we have an equipment fund that we are responsible for and report back to you on, like a mini bank account. That way, you still get financial controls, but the transaction costs (in economic terms, not bank fees!) are minimal. For instance, that lets us give our managed IT clients direct access to our supplier discounts (which can be substantial due to our purchasing power), whereas we’d otherwise have to charge a markup to cover all sorts of risks.
- Keep things flexible – if your business circumstances change, for better or worse, you want to be able to adjust your contract – both price and service – to suit. This should be a normal everyday thing, not an argument.
- Be clear about who is responsible for what amongst your managed IT provider and your other IT vendors – hardware, software, support. You may not want your Managed IT people in the loop if, for instance, you have a complex ERP system with dedicated vendor support. However, there will come a time where they almost certainly need to know about it, or even step in and start doing the job of support or integration that someone else is paid to do, even though they shouldn’t have to. Ideally your provider should be capable of all this, even if your day-to-day scope excludes it. Day-to-day issues are more likely to lie around hardware fault diagnosis and repair. We often see companies spend significantly more time than it’s worth chasing down warranties for cheap replaceable parts. In one case, an employee was without a computer for two weeks whilst the company, service provider & hardware vendor played blame games about who was responsible for fixing a blown power supply. This ended up costing over $500 in direct costs, plus two weeks of unproductivity, for a $70 part. Warranties have their place, but they have search, transaction & competence costs too. i.e. You can’t just out-source a hardware failure on your server to Dell – the most critical part is your data and business continuity, not the few hundred dollars of parts they’ll get back up and running for you in 4-24 hours (and even that’s a maybe!)
Above all, have a conversation. This is your business. These are not technical questions so much as ones of business structure, responsibilities and incentives. If you stop thinking of it as a technical problem you don’t want to know about, chances are you’ll ask all the right questions!
Last week I attended a great seminar courtesy of Internode, which featured <a href="http://www.martingrunstein.com.au/”>Martin Grunstein, the self-titled “customer service expert”. He certainly knows his stuff, even if his website is a little staid and ‘consultanty’! I don’t normally spruik this kind of stuff, particularly not about “Sales! Sales! Sales!”, but I find Martin’s stuff refreshingly frank without heading too far down the neuromarketing/Big Data style of marketing ‘trickery’.
Anyway, there’s a live stream happening at 9:30am AEST tomorrow (15th August). I recommend you watch it.
If you don’t make it or want some extra viewing material, last year’s presentation is also still available. The content is somewhat similar.
N.B. All of the above links require you to be on the Internode network. If you’re not yet using Australia’s best ISP, we can help you make the transition 😉
The mainstream press is full of <a href="http://www.smartcompany.com.au/information-technology/051078-icloud-failure-businesses-told-to-back-up-after-hacker-wipes-tech-reporter-s-devices.html”>articles about Cloud failures at the moment. Continuing on from my recent thoughts on the Cloud, it is clear that people are now starting to realise this ‘cloud’ thing needs to be backed up. OK, great. But how exactly do you do that? In short, with extreme difficulty.
Backup is not (just) a product you purchase or something you set up – it is a factor in a multi-faceted disaster recovery plan that spans the entire infrastructure (and, if done well, business processes as well). This is fundamentally at odds with most cloud implementations, which are designed to abstract away having to care about “low level details” like backup. After all, isn’t that what you pay the cloud provider for, to look after these things? Whilst that’s true and even largely true, it doesn’t necessarily satisfy your Risk Management Plan. Such a plan needs to be created (and not just by IT – the business’ directors need to understand and sign off on it) independently of how it is implemented. Cloud makes much of it easier, compared with your typical incompetent IT guy anyway. However, it makes some components of it exponentially harder. Whether this trade-off is worth it is up to you and your company (or individual)’s risk profile. But there’s no panacea; no shortcut to understanding this stuff.
Whilst it adds a little more to the conversation upfront, information reliability and disaster recovery is one of the first conversations we have with our clients and certainly one we have before implementing any systems improvements. There are so many targets you could be aiming at. How can you measure success if you don’t define it beforehand?
I am prepared to be proven wrong, but as of the time of writing, I have never seen a company (that isn’t one of our clients of course!) without extremely obvious, high risk, critical backup-related issues. i.e. The kind of issues that should be flagged as unacceptable risks to the business regardless of any risk management objectives. Backups are often missing, incomplete, untested, run using buggy error-prone software, dumped to dodgy media, stored right next to the main data source and are almost never monitored. Even if all these things are done, a Disaster Recovery Plan (even an informal one) is almost never in sight.