A required part of financial entities’ ICT risk management framework by the DORA legislation is a holistic ICT multi-vendor strategy.
Two important strategies need to be analysed to understand the implications for your company
- ICT multi-vendor strategy
- Holistic strategy
ICT multi-vendor strategy
An ICT multi-vendor strategy is when you use several ICT-service providers for your business. There are several benefits of using different providers for your business as opposed to one single ICT vendor strategy;
- Ability to choose vendors that are the best or most suited for certain parts of your business
- Reduced risk of single-vendor dependencies
A holistic strategy is a business strategy approach where a company is focused on coordinating its departments and employees to better collaborate and exchange. The benefit of a successful holistic strategy is internal alignment. The results can usually be seen in;
- Increased business value collaboratively created
- The entire company focused on working together towards collective goals
With this knowledge, Advisense approaches a holistic ICT multi-vendor strategy as a strategy where each ICT service has a purpose aligned with entities’ business goals.
The provided ICT services need to be mapped and connected so that no part of the service chain results in unnecessary tasks for the business. A vendor should never inhibit another vendor to deliver value to the business but rather enhance it. As stated in the legislation, there must be a rationale behind the procurement mix of third-party service providers.
A holistic ICT multi-vendor strategy should be established so that it can be used as a tool for mapping your risk dependencies and for evaluating new ICT vendors. If you can achieve a broad understanding of how vendors contribute to your business, it will be easier to pinpoint where your major risks lie and the possibility to spread risks between the vendors. You can also more easily evaluate vendors from your strategy and your current mix of ICT service providers.
When assessing your need for a holistic ICT multi-vendor strategy, there are many aspects to consider. As a start, you should consider the mix of ICT-vendors and ask yourself:
- Are we using multiple critical ICT-vendors for our business?
- Are our risks distributed over several ICT-vendors?
- Do we have ICT-vendors that provide similar solutions?
- Does our ICT-vendors have several dependencies to each other?
- Are we dependent on one single ICT-vendor?
If your answer is ‘Yes’ to one or several of the questions above your business can likely benefit greatly from a holistic ICT multi-vendor strategy.
Designing a holistic ICT multi-vendor strategy is not an easy endeavor, it will require a high level of knowledge and competence, both in technical capabilities and vendor management. However, the benefits if successfully implemented are clear. It will enhance your business productivity and value creation. You will be confident that each service provider is worth their cost and contributes to your success.
Want to find out how Advisense can help you?