Evaluating vendor proposals is one of the most critical aspects of the RFP process, secondary only to negotiations. The ironic thing is that we've seen too many clients try to abbreviate this activity, take short cuts, or even avoid it altogether. Providing ample time for your team to review the vendor RFP responses is critical to a quality review process, while not rushing the evaluation process ensures that you understand their complete offer and proposal.
RFP team members are typically time constrained and do not allocate enough time to evaluate the vendor's proposals adequately. We have found that it takes team members 2-3 hours to review the average RFP (length of 112 pages) and evaluate and score each proposal. This process typically requires multiple readings of the proposals to generate thoughtful scores. Most evaluation teams allocate two weeks to review the vendor's responses after the RFP due date. So let's do the modeling: if we assume 2.5 hours per proposal to evaluate the vendor's response and we presume an average of 4 responses, this equates to at least ten hours required to sufficiently evaluate RFP responses. If this is an unplanned activity, chances are it will be performed after hours or rushed at the very last minute just to get their scores in. Rushing the review process increases the chances of the review being incomplete.
As the evaluation time approaches, calendars tend to fill up. Therefore, we recommend that you have the team members schedule the evaluation time on their calendars as early as possible … sometimes even before the RFP is drafted. IT RFPs average between 5-6 evaluators. Chances are one of these evaluators is on the IT leadership team. If so, consider extending the review process by another week to provide them with the flexibility to evaluate the responses. Remember, it is always better to have reserved the time and not need it than to need it and not have it reserved.
If you are experiencing pressure to lower your IT expense, a reverse auction might be a quick, efficient answer to ensure you are getting a competitive price.
A Citrix vulnerability first discovered on December 17, 2019 is being continually exploited by ransomware attackers despite patching attempts by Citrix.
Project Zero is changing its vulnerability disclosure policy to give software developers more time to patch vulnerabilities. The policy is now shifted to a stringent 90-day policy.
Can a vendor management initiative influence organizational performance? The concise answer to this question is yes. However, this influence doesn’t occur overnight.
Cybersecurity firm Bishop Fox identified eight vulnerabilities in ConnectWise’s remote control and remote access software.
Announced on December 31, 2019, BeyondTrust named Tenable as the successor to its Vulnerability Management suite.
On January 15, 2020, the Department of Defense (DoD) issued an open call to vendors to fulfill a contract to help improve their technology and inventory management.
Whether you are using Info-Tech’s Commodity, Operational, Strategic, Tactical (C.O.S.T.) model to classify your vendors or you arbitrarily label high spend/critical vendors as strategic, it begs the question: “Does your vendor truly view you as a strategic customer?”