Thursday, August 12, 2004 Toral: Nightmare suppliers By Janette Toral Digital Filipino
OUTSOURCE OR NOT. I’m currently doing a four-day software process improvement competency development workshop in Zamboanga City with around 25 participants.
One of the items discussed is supplier agreement management. As we have various software development needs, companies can decide whether to completely outsource the development or consider purchasing a commercial-off-the-shelf (COTS) package.
A participant asked for my perspective in considering open source-made applications.
In evaluating vendors of COTS or outsourced software developers, technology tools used are a great consideration. This is the reason why small organizations offering affordable self-made or outsourced open source solutions will not be the best alternative most of the time.
This is why for any alternative solution being explored, a risk list will have to be generated for each and possible mitigation approaches.
This will help you in finding the best solution where you are comfortable in being able to mitigate these risks. Not including this in your to-do tasks can result in problems in the long run.
Some of the risk factors that can be considered are: If the application encounters a critical error, will my vendor be able to fix it as soon as I need it? Is the vendor stable enough that it won’t close its business in the life span of the application? If the vendor closes its business, am I capable of supporting the application or can I easily find another party to maintain it?
If you answer “no” or “unlikely” to the questions above and you still want to pursue your plan, then mitigation approaches will have to be explored to ensure that your organization is protected.
I encountered an organization recently that outsourced a project built in open source. The application is not yet finished, but the technical people involved in the project resigned. Later on, this supposedly reputable vendor closed the business.
The application project is now maintained by two persons who were part of the previous organization. The project is way beyond its original target date already.
This also happened to one of my website projects where the open source content management system was running smoothly. Later on a bug was discovered, resulting in several sites, like the one I’m using, being hacked and partly defaced.
The vendor fixed it, but after a week, it happened again. This time the vendor disappeared and would not respond to calls for help.
Regardless of what tools or solutions you’ll use, identifying and managing your risk is an important task that must be done.
(email: janette@digitalfilipino.com.)
(August 12, 2004 issue) Write letter to the editor.Click here. Join the Sun.Star message board.Click here.
