Outsourcing your technology needs to an IT company ideally gives you access to:
- Expertise and talent
- Consistent execution and follow through
- Cost-effective means of managing technology as you grow
When you partner with IT company, who also provides strategic c-level leadership, your business can scale and grow without the risk and complexity of building an internal IT department. However, not all IT companies are created equally, and there are major business risks and hassles if you end up with the wrong provider.
Here’s what to look for as you make an objective assessment of your current situation and start working towards a better approach to managing your technology.
1. Security as an afterthought
Cyber security is the most important technology issue for businesses today. It is foundational because a major security incident can destroy a company through financial insolvency or bankruptcy. Cyber criminals, from state actors to mafia-like organizations, are financially motivated and highly sophisticated. They will stop at nothing to extract money and resources from their victims.
It is essential that your IT service provider makes cyber security the number one priority. Here are some of the signs that security is treated as an afterthought:
No security risk assessment – A security risk assessment is a formal and systematic process to audit a company’s security posture, identify gaps and weaknesses, and prioritize needed security improvements. One should be performed at the beginning of the business relationship and regular intervals
thereafter.
No technology standards – Technology standards align your company’s technology choices with the preferred brands, vendors, and technologies of your service provider. Standards are vital for proper deployment, configuration, maintenance, and management of technology. And standardization is essential for sound cyber security management.
Legacy, outdated technology – Technology investment and upgrades are essential to maintaining proper cyber security. As hardware, software, and operating systems age, there is a higher likelihood that bugs and vulnerabilities go unpatched, exposing your users and organization to cyber attack.
People left out of the equation – Employees are the weakest link in cyber security. An organization can invest in world-class software and cyber security systems, but if the employees are poorly trained or the company lacks a culture of security, there 1. will be countless security incidents in no time.
2. Chaotic and unpredictable onboarding
How were your first few weeks in your relationship with your current IT service provider? Was there a clear, well organized path and plan? Did you start seeing the value and improvements to your technology right away? Onboarding is a key element in your relationship with your IT service provider. In those first few crucial weeks, this is where major security and configuration gaps are identified and other important issues are fixed. It is also the period where standards and improvements are clearly identified.
If you had a poor onboarding experience, here are some of the gaps you might have noticed.
No documented onboarding process – A well documented onboarding plan will spell out the overall process and timeline to go from contract signing to the completion of the first full phase of the relationship. It is a warning sign if this process is poorly defined or not well documented. If your provider has failed to deliver a clear plan that is well executed, sometimes things will start out on the wrong foot.
Incomplete technology inventory – A good onboarding process will involve a complete inventory of all key technology in your business, including all users, systems, software, infrastructure, passwords, vendors, network configurations and network maps. Failing to properly identify all assets and systems can lead to dangerous cyber security gaps.
No named vCIO resource – Did your provider give you a single point of contact for the onboarding process? You should have had a named virtual Chief Information Office (vCIO) resource clearly identified, to help guide you through the process, answer your questions, and meet with you about the important progress updates, findings, and recommendations
Incomplete standards discussion – Defining and adhering to technology standards creates a win-win situation for a service provider and their client. Defining technology standards during onboarding helps organizations identify and upgrade legacy technology, while aligning your tech stack with the service provider’s standards. Standards clarification is a key part of the onboarding process
3. Poor customer service and follow through
High quality customer service requires not only a commitment to excellence but the tools and processes to deliver consistent results and satisfaction. Your service provider should have software tools and processes to measure and improve service levels, every step of the way. If your service provider is failing to measure and manage your satisfaction, that should be a real red flag
Here are a few other service gaps which should be cause for concern.
Slow service response and resolution times – This one is pretty obvious. If problems are not resolved in a timely fashion, this is a major red flag. Problems and tickets should be quickly addressed and resolved in a professional and timely fashion. As with satisfaction, if your service provider measures KPIs around service tickets, they are likely managing this process well.
No service quality monitoring – If your service provider is measuring your satisfaction, they are likely managing it well. If they are not even measuring user and management satisfaction, how could they possibly manage it? Your IT service provider should use simple feedback tools on every service interaction; the trends should be monitored and managed, and they should be reviewed regularly at Technology Business Reviews.
No service dispatch – Does your service provider have a dedicated staffer who handles service dispatch? This is vital. Every ticket or client inquiry needs proper prioritization and dispatch to the right technician based on severity, timeliness, and technician skills. If your provider lacks a service dispatcher, it is a red flag.
Sloppy handling of passwords – It is vital to understand your service provider’s security, processes and tools for passwords. In most cases, service providers have broad administrator access to their client’s most important IT systems and infrastructure. This important responsibility requires the use of world-class password control systems, so that work can be performed without compromising security. As a part of your due diligence, it is crucial to understand the tools and processes used for password management.
4. Missing strategic IT management process
Your IT service provider should do more than just keep your computers running. Technology infrastructure and support are the base layer of any outsourcing the relationship. The real magic happens however, when technology is viewed as a strategic investment that can help organizations operate more efficiently, differentiate, and grow. If your IT service provider is not your strategic partner, there is definitely something wrong. Here are few red flags to help you understand if you are working with a strategic IT partner.
Irregular or missed Technology Business Reviews – Technology business reviews are quarterly or periodic strategic meetings between a client and their IT service provider. Too often, these meetings get delayed or missed. Your service provider is responsible for establishing and keeping a regular meeting cadence to brief clients on KPIs, results, project, progress and additional IT planning items.
No named vCIO – World-class IT service providers provide a named vCIO to their clients. This single point of contact is responsible for overall relationship management and the organization of strategic advice and consulting to clients. If you don’t know your vCIO, there is probably something wrong.
No annual IT budget and project plan – Budgeting is more complex than people realize. It is vital that your IT service provider is deeply involved and guiding your technology budgeting process. Technology is foundational to success in our 21st century economy. Therefore it is essential that your service provider helps you craft a detailed annual IT budget, along with with a multi-year investment strategy. If there are lots of technology spending surprises or if you are kicking the can down the road on necessary investments, it likely means you are missing a good IT budgeting process.
Lack of alignment between company strategies and IT planning – Does your IT service provider have a seat at the table in your annual planning process? Is technology viewed as strategic to your business growth? If not, you should ask why. Your relationship with your IT service provider requires high degrees of trust and they need the professionalism and expertise to serve as a strategic partner for your business.
5. Poor company culture and employee morale
As the management guru Peter Drucker once said, “Culture eats strategy for breakfast.” The values of your service providers should be studied closely, because your service provider is really an extension of your operations. Do you know their mission and values? Are they aligned with your own?
Mission, vision, and values undocumented – Your IT service provider isn’t just any vendor relationship. It is a strategic outsourcing relationship, where the provider is working with and controlling some of your most vital technology and infrastructure. It pays to have a strong understanding on what makes your partner tick. If you don’t have a good understanding of the mission, vision and values of your partner, it is likely a red flag. If your provider does not prominently feature their mission and values in their marketing literature, ask them to spell them out for you.
Poor employee retention – Do you have personal relationships with the people who serve your account? If your service provider has problems retaining their staff, you may be the victim of their revolving door. Your service provider should have industry leading employee retention and development, so your team gets to work with great people who are here to stay.
Excessive use of contractors or overseas staff – Every business navigates the changes in workload with the use of contractors. It is a red flag however, if your service provider relies too heavily on contractors or overseas staffing models. In most cases, contractors are less well trained and qualified than “badged” staff. You should insist on transparency to the staffing models in use by your service provider.
Inconsistent internal training and certification programs – Does your service provider invest in training and development for their workforce? We live and operate in a knowledge based economy, where skills get rapidly outdated without consistent employee training and development. Also study the technical certifications held by the staff at your provider. It pays huge dividends to work with a partner that consistently invests in
6. Infrastructure only -- your people are an afterthought
Infrastructure, hardware and software are important. But the most important “software” of your business is your people. In order for technology to make a real difference in your business, it needs to be well designed and integrated with the user in mind. Productivity and ease of use should be top of mind. Moreover, technology education and training should be consistent and highly effective. The magic really happens when employees can use technology to serve customers better, sell more, and maximize their productivity. Your service provider should be at the forefront of helping your staff leverage technology and transform how they succeed in their jobs.
Here are few potential gaps to judge whether your service provider is helping transform the technology skills and effectiveness of your staff.
No security awareness training – Security awareness training is an absolute must in today’s complex operating environment. Cyber crime impacts firms of all sizes and employees are the weakest link. If your service provider is failing to supply security awareness training and programming, it is a real red flag.
No specialized training for senior staff and chief security officer – While every employee needs some level of cyber security awareness training, senior staff and specialized functions need next level security training and education. Highly privileged employees need extra coaching and education, since they look after critical infrastructure, intellectual property, or are in charge policy and enforcement for the rest of the firm.
No vCIO services – vCIO services deliver consistent, strategic advice to senior management on how to adapt and leverage technology for competitive advantage. If your service provider just provides infrastructure and support, you are missing a crucial layer of consulting and advice which is needed to take your organization to another level.
Little impact on your company culture and employee behavior – Has your service provider changed the habits and behavior of your staff? Is your staff more adept and productive with technology? Are their cyber security habits healthy and improving every day? Has your service provider helped improve your company culture? If the answer is no, it should be time to explore