Chris Berg, Senior Director of Corporate Security & Safety, Symantec Corporation
What qualities or characteristics do you look for in a vendor partner?
Chris Berg, Senior Director of Corporate Security & Safety, Symantec Corporation:
I think the basics, done well, can become an atypical set of qualifiers setting the stage for a successful venture. Many organizations speak to the basics, but it is not often that they deliver.
Vendor partners that truly differentiate themselves provide solutions that reduce the typical risks associated with outsourcing (e.g. loss of control, poor performance, contractual disputes, technology gaps).
These suppliers also capitalize on the drivers to outsource, such as freeing internal resources, potentially reducing operating cost, leveraging best-in-class expertise, and even sharing operational risks. They are prepared to define a clear vision for the delivery of services, evolve shared strategies that factor in, at a minimum, business objectives, scope or services, cost/benefit analysis, Key Performance Indicators and organizational impact.
A smart vendor partner will present a relationship that is supportive and inclusive, features a strong executive-level connection, has solid financial underpinnings, delivers a well-structured contract, and has open and routine communications.
Robert Sypult, Security Executive Council Faculty, former Director of Corporate Security & Emergency Preparedness, Southern California Edison Company:
Ideally, a vendor partner should have a good understanding of the business, its culture, and the industry.
Solutions, regardless of the service, should be tailored to meld with that business or culture, and the vendor should help the security organization “sell” the service internally. All too often, off-the-rack solutions are applied, or the vendor does not listen well enough to obtain an in-depth understanding of how their services can help their business partner become more successful in their organization, further cementing the vendor/client relationship.
This is particularly true of technology services, where often the client has to coordinate closely with other departments to implement the solution. It is critical that the vendor partner understands these relationships and helps their client formulate processes, procedures and policies, in some cases, to ensure a successful implementation.
It has to be a true partnership to stand the test of time, because there are lots of competitors in today’s marketplace.
Brian Tuskan, Senior Director of Operations, Technology, Investigations, Microsoft Global Security:
In a large corporate enterprise such as the Global Security program I am responsible for, I look for vendors that have a proven track record of delivering on their statement of work. This means they are accountable for what they agree to do and execute flawlessly.
I also expect my vendors to be transparent and have a high degree of integrity. I look for true partnerships where the vendor is genuinely interested in my company and doing what is right for my company — not only focusing on how many billable hours or security hours-per-week (HPW) they can squeeze into the account.
If they are genuine partners that earn my trust, they will ultimately get more business, and I will refer them to other organizations that are looking for good vendors. It is important to understand though as a client, I must treat my vendors with respect and as a partner also.
Francis D’Addario, Emeritus Faculty, Security Executive Council, former Vice President of Partner and Asset Protection, Starbucks:
Objective performance should be non-negotiable with qualified security providers. Proven solutions evolve from collaborative risk assessments, innovative mitigation design and results measurement. They are routinely communicated period over period and year over year.
Successful providers convey value via a client-agreed scorecard. Strategic communication of relevant risk mitigation benefits is essential.
How does the security product or service measurably protect people, assets, and brand reputation? Can the solution optimize the core business? Does it improve the customer experience? What is the test plan? What are the metrics? What are the project risks? What does success look like? Will the solution seamlessly integrate with existing and future infrastructures? Will it build stakeholder confidence? Do end-user benefits exceed total cost of ownership (purchase, subscription, maintenance and training) for recurring return on investment?
Providers are more likely to exceed client expectations before, during and after their engagement when everyone knows the score.
Next Month’s Question: What can security providers do to show the true value of their offerings at a Board of Directors level?
For more information about the Security Executive Council, please visit www.securityexecutivecouncil.com/?sourceCode=std.
The information in this article is copyrighted by the SEC and reprinted with permission. All rights reserved.