Simple answer: Get yourself familiar with knowledge that is available. Basically, to build the knowledge for sourcing, outsourcing and related governance models, you would have to focus on the available knowledge sources.
First and foremost, you need to get to know local/national, laws under which any sourcing strategy is being defined and executed. For instance, if your company is headquartered in Switzerland, the “Bundesgesetz über den Datenschutz” would be a good starting point along with the “Verordnung zum Bundesgesetz über den Datenschutz”. This law and its amendments are talking about the data protection rights of individual and juristic persons. If you consider to move part of your business abroad from your headquarter country, you need to consider the different intellectual property protection and data privacy rights at the locations you want to outsource to. If staff is affected by transitioning to an outsourcing service provider, you need to get yourself familiar with labor-law issues. In Switzerland, Art. 333 of the Swiss Code of Obligations (SCO – liability in the event of transfer of employment relationships) kicks in.
Based on national laws, certain industries are bind to some more granular regulations. In Switzerland, Financial Institutes have to act according to the bank secrecy law “Bankgeheimnis”. This law is triggering additional regulations for banks in the case of outsourcing. The Swiss Financial Market Supervisory Authority (FINMA) has released the circular “Outsourcing Banken” which describes the conditions under which outsourcing has to be performed.
Any sourcing strategy definition and execution of a bank in Switzerland need to have controls in place to adhere to this paper.
Over the centuries, industries and branches have developed standards and norms of operation. ISO/IEC 38500 is an international standard for corporate governance of information technology. It provides a framework for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organizations’ use of IT. Any sourcing governance should be based on this standard. To execute a sourcing strategy, a new norm will support standards for the outsourcing process in information technology: ISO/DIS 37500 (Guidance on outsourcing) is being drafted and under review – to be officially released 2015. This norm is referencing a number of other ISO Standards very well known in information technology:
- ISO 31000, Risk management
- ISO 21500, Guidance on project management
- ISO 9001, Quality management system
- ISO/IEC 20000 Information technology – Service management
- ISO/IEC 27001 Information technology – Security techniques
- ISO 19011, Guidelines for auditing management systems.
International Frame Works
Especially for information technology, a number of established “best practice” frame works support the definition and execution of sourcing strategies. COBIT 5.0 is certainly the most comprehensive and complete frame work covering governance and management of information technology – supporting any form of sourcing. Besides of the generic COBIT 5.0 frame work, there is a number of dedicated sourcing documents being released by the organization (ISACA) responsible for COBIT, i.e:
Very well known in IT is ITIL v3©. This frame works helps service providers and customers to define process responsibilities, activities and interfaces in service operations. In addition, the service transition from customer to the external service provider is being supported by processes and process outcomes (i.e. service acceptance criteria, knowledge management). The frame work’s service design processes are the base for the definition and execution of service requirements and service quality parameters throughout the souring life-cycle.
Part of the execution of a sourcing strategy should always be an assessment about the sourcing capabilities of an organization. There exists more generic assessment frame works in IT not necessarily dedicated to sourcing (i.e COBIT Process Assessment Model (PAM), TIPA or CMMI). A specialized sourcing assessment would be the eSourcing Capability Model. This a framework has been developed by ITSqc at Carnegie Mellon University in order to improve the relationship between IT Services providers and their customers. The eSCM is twofold: eSCM-CL for Clients and eSCM-SP for Service Providers. These two models are consistent, symmetrical and complementary for each side of the client-provider relationship and this is the strength and the uniqueness of this model.
Trainings and Certifications
International de facto standard for training and certifications related to outsourcing is the Sourcing Governance Foundation course. It provides basic knowledge of what the main concepts of Outsourcing and Sourcing Governance are and how they can be applied. Best practice shows that implementing and operating a Sourcing Governance Function will require staff awareness and understanding of the key principles and concepts of outsourcing and sourcing governance. In this course an interactive approach is used combining lecture, discussion and exercises.
APMG-International has created the Sourcing Governance Foundation certification in conjunction with International Association of Outsourcing Professionals® (IAOP®).
Undertaking the course and successfully passing the examination qualifies an individual for COS-FP (Certified Outsourcing Specialist™ – Foundation Principles) certification from the International Association of Outsourcing Professionals® (IAOP®).
In Switzerland, the University of St. Gallen has been released a program “Certificate of Advanced Studies (CAS) in Sourcing and Cloud Management” this year. Focus is the definition and execution of sourcing strategies.
There is a lot of knowledge available as a good starting point for any company considering souring as an option for its future business. This knowledge needs will be a fundamental part of the organizational capabilities for any successful sourcing.