Setting the standards to make your firm flourish

One of the key measures of a good partner is an ability to deliver best practices, cope with change over the course of a lengthy contract and offer solutions that meet standards widely used in IT.

Best practices are enshrined at the core of any managed service contract in the service level agreements (SLAs), but the challenge for you in choosing an outsourcing partner is to establish the supplier’s credentials long before your SLAs ever get agreed.

One of the problems associated with the delivery of managed services (and the outsourcing arena in general) is that there is no single standards body for the services, meaning providers could potentially sign up to different accrediting bodies (see box, below), leaving little agreement about which standards are essential. Different managed services suppliers have their own working methodologies, and despite the emergence of standards such as ITIL and BS15000 and the need for a knowledge of the TUPE rules covering the transfer of staff between employers, there are still varying views about which standard will be of most help to use in sealing your deal.

“Having accreditation helps in the sales process, because it builds credibility, but I wouldn’t say it closes the deal,” says Anthony Foy, group managing director of Interxion.

“There are few third party bodies that look at the quality of the service and the environment of the end user.” For your company there is an obvious comfort factor to be gained from an accreditation that implies a supplier has met externally set standards relating to managed services provision, but it can be confusing if different suppliers promote different accreditations.

Russell Flower, director of managed services at Synstar, says around half of his customers are now starting to ask for IT Infrastructure Library (ITIL) compliance, and the number of providers signing up to the accreditation should grow as it is driven by customer demand. “ITIL is very good at describing the service you provide and how to manage it,” Flower adds.

One of the most interesting aspects of ITIL is that, in contrast to some of the broader British Standard accreditations that apply to all types of industries, the certification has been written specifically for the IT market. Another attraction ITIL offers is that many companies of all sizes are moving to adopt ITIL in their IT departments and can understand and appreciate the effort involved in gaining the certification.

ITIL sets out a very good framework for the delivery of IT services. Your organisation should interpret ITIL according to your own needs and experiences. ITIL, however, provides a yardstick that should ensure that service providers and customers have the same level of understanding when it comes to key terms and service definitions.

Says Simon Walsh, Director of Client Services at Computacenter: “ITIL is becoming an increasingly important part of the managed services landscape. We already utilise the processes throughout our contracts, embedded within our tools and inherent within our service management training.”

It is important that you mould ITIL principles to your own business and this process is made easier if the service provider understands the terms being used by your IT staff.

Most of the larger managed service suppliers are moving on from ITIL and starting the process to gain BS 15000 accreditation. However, BS15000 is a new programme, and is yet to be officially auditable or fully recognised and adopted by the industry. It should therefore not be an over-riding concern when looking for a managed services partner. Built on existing BS standards and ITIL, TUPE is the current bar for the industry to aim for.

Painless transition
A supplier that can offer you a seamless, painless transition from in-house to managed IT management comes close to being the ideal partner. But one lacking knowledge and experience of TUPE will stand out from the competition.

Determining the applicability of TUPE at an early stage and dealing with the consequences is key, says Bobby Gill, a partner at legal firm Osborne Clarke. “This process should include proper management and consultation with the affected employees, and handling the softer aspects with the workforce in general so they do not feel alienated.”

Your organisation also needs to address the additional impact to the service provider, who may seek indemnities and additional uplift in service charges if the application of TUPE had not been addressed at supplier selection stage. The effects of TUPE at contract termination date will also need to be considered.

There is a whole ream of legislation to be considered depending on the nature of the outsourcing and your organisation. For any organisation operating in a regulated environment, the regulator will likely not permit an organisation to outsource its regulatory obligations. You may therefore need to ensure that a managed services contract is properly structured to cover issues of compliance with legislation, including the Data Protection Act.

Staff issues are by their nature sensitive and, if handled badly, can be inflammatory. A failure to consider the impact that transferring staff might have early on in discussions about a managed service contract is likely to spell trouble. The attraction of a partner increases if they can demonstrate an understanding of TUPE legislation, adherence to standards and a philosophy of continual improvement. “Changes to processes and systems in response to changes in legislation and regulations are managed by the provider, rather than the customer,” says Maxine Holt, senior research analyst at the Butler Group.

But the attraction of leaving all of your worries on someone else’s plate can become a nightmare if your partner fails to meet expectations. Adds Bobby Gill: “An exit strategy should be one of the top five areas to be addressed at the outset of a negotiation. When you consider that up to 50% of outsourcing contracts can be a failure and yet over 90% remain with the same supplier, this can only mean that the customer has suffered supplier lock-in. The prime cause of supplier lock-in is the lack of a watertight and tested exit strategy.”

Those managed service providers that fail to take note of ITIL, BS 15000 and other emerging standards face not only losing their business to UK-based rivals, they also increasingly face a threat from overseas suppliers. In a bid to counter possible criticism from established Western suppliers that outsourcers in India and China are a cheaper option that do not offer the same standards of best practice, offshore suppliers have worked hard to gain ITIL, CMM Level 5 and other standards.

For many companies, keeping on top of legislative and compliance issues, as well as technological advancements, is challenging. Handing the management of part or all of an IT infrastructure to a third party is thus a very attractive option. But to get the best from your supplier they should be able to demonstrate a commitment to best practice.

The benefits of standards can be clear. Mark Hall, Information Systems Manager at Severn Trent Water and Chairman of the itSMF, says: “Process is the heart of ITIL and is fundamental to your organisation moving from being a technical to a service-led organisation. Mature best practice approaches (such as ITIL) are supported by standards such as BS15000, ISO9000 and BS7799.” However, Hall says that you should not develop practices in isolation from your core business, and warns of the process having too much focus and becoming the end result in its own right. This may actually lead to a loss in flexibility. _

Managing change
Best practice changes over time, and there are a number of challenges that you need to be aware of to get the most out of changing processes and technology:

• Confirm a clearly defined and measurable business and IT strategic direction.
• Be open to new ways of working in process and technology.
• Have a thorough understanding of business needs, the stakeholders involved and the corporate
  environment.
• Understand the business potential of IT.
• Build in strong governance at all levels, with information readily available to all involved.
  Source: Atos Origin

Accreditation and legislation

• TUPE: These regulations are essential reading for anyone considering outsourcing arrangements involving transferring staff from one organisation to another. The Department of Trade and Industry describes it like this: “The Transfer of Undertakings (Protection of Employment) Regulations 1981 (as amended) – commonly known as the TUPE Regulations – safeguard employees’ rights where businesses change hands between employers.”
• ITIL: Another set of standards for suppliers to learn, relating to service and service support. The ITIL (IT Infrastructure Library) consists of six sets: Service Support; Service Delivery; Planning to Implement Service Management; ICT Infrastructure Management; Applications Management; and The Business Perspective. The emphasis with this standard is on delivering a complete end-to-end service, which can be a segmented as part of an IT infrastructure.
• BS 15000: This standard goes hand-in-hand with ITIL. The BS 15000 service management standards define best practice for implementing, delivering and managing IT services. BS 15000 includes 13 processes, defined under five headings: service delivery, control, release, resolution, and relationship.

This article was part of Computer Weekly's managed services business channel, sponsored by Computacenter.