As outsourcing gains momentum in the Information Technology (IT) space, particularly in mission critical areas such as the database, a Service Level Agreement (SLA) is essential in order to govern the type and frequency of services offered and the acceptable level of downtime.  However, as database environments differ from company to company, it is important to ensure the SLA is customised to ‘fit’ the client’s environment and unique requirements. Furthermore, requirements change and the SLA must also be flexible to accommodate updates and modifications.

Outsourcing has become a popular service model, particularly in the Information Technology (IT) space, as it can help to deliver greater cost efficiencies and high levels of service. However, a trend has emerged in recent years to move away from large multi-service outsource providers and towards smaller, specialist niche service providers. These niche IT outsource providers are providing a multitude of benefits to business.

 

This shift has occurred for a number of reasons, mainly due to the ability to drive greater value from outsource contracts. While each model has its own pros and cons, a more focused niche provider typically specialises in a specific area of IT outsourcing. This results in greater efficiency, better service delivery, a more granular view of the IT outsource service, and a significant reduction in the typical red tape associated with a basket of services from a single large provider.

 

Despite these benefits, larger IT outsource providers who offer a wide range of services have traditionally been popular, as they offer the perception of a ‘one stop shop’ for all of a company’s IT needs. This is an attractive concept, as it means that there is only one contract to manage for multiple services. A single contract decreases administration and the need to maintain relationships with multiple vendors. However, this single contract concept is also where the biggest detracting factor for multi-service outsourcing comes in.

 

The reality is that most large outsourcing companies only specialise in one or two areas and offer other services as an ‘add on’. This means that service levels are often inconsistent across the different services as skills levels within the provider are inconsistent. The challenge for businesses that are tied into multi-service contracts is to remove one of the services that they may not be satisfied with. This is a difficult and time consuming process and will require renegotiation of the entire contract. Engaging the services of specialised, focused service providers on the other hand, while it does require more maintenance of relationships and contracts, will ensure that service levels can be easily monitored according to specific services. If these service levels are not delivered according to the Service Level Agreement (SLA), contracts can easily be terminated and a new provider sourced.

 

While it may seem that outsourcing multiple services to a single provider will drive the greatest efficiencies, this is often not the case. Services are consolidated into a single contract and fee, which means that costs for each individual service are difficult to control. It is not possible to identify the individual cost of maintenance of each service unless the service provider is completely transparent and provides a granular breakdown.

 

With specialised contracts, this process is simplified and it is possible to easily manage and control spend on each service. This is becoming an increasingly important factor in light of King III recommendations and regulatory requirements, which require the justification of all IT spend and reporting to stakeholders on the effectiveness and value derived from each service.

 

Niche service providers also tend to be Small Medium Enterprises (SMEs).  They are more motivated to deliver as their livelihood hinges upon their reputation for service delivery. Terminating the services of a single service provider that is not delivering a particular service is also far easier than trying to terminate a single service from a large basket contract.  This in turn motivates the niche outsource provider to deliver better services. If a small company loses a contract, the impact is far greater than that of a large company losing a single service contract. SMEs also tend to deliver more personal interaction, more personalised service and better turnaround times, as these companies are typically more agile with more flexible processes. 

 

IT Outsourcing as a model for service delivery is here to stay and continues to grow in the current economic climate due to budget constraints and the ever-present need to deliver better services for lower IT spend. However, the one stop shop model is no longer as popular as it has been in the past and we will continue to see an uptake in services from more specialised, smaller outsourcing providers who deliver better service levels and greater cost efficiency.

In today’s information-driven age, the database is the heart of any organisation. From running applications to processing transactions and storing customer and other mission critical data, without the database businesses simply cannot function. Despite the critical nature of the database, many companies do not have a comprehensive backup and disaster recovery strategy in place and resort to crisis management when their database crashes, often resulting in costly downtime. 

 

There are a few checklist items to consider with backup and disaster recovery, ensuring minimal disruption and most importantly, continuity for the business.

Checklist Item #1: The backup and disaster recovery strategy

Whether organisations run a full disaster recovery environment or simply conduct regular backups, having a plan and processes in place to govern this in the event of an emergency can literally save a business.

 

A backup and disaster recovery strategy is therefore essential for every modern business of any size. This is the most important step in ensuring your database is not a disaster waiting to happen.

 

In order to develop this strategy, organisations firstly need to understand how critical their data is to the business. Not all organisations require a full disaster recovery environment, as these can be costly to implement. Furthermore, not all data is mission critical or will cause the business to fail if lost or takes time to recover. However, at the very least, all data needs to be maintained in some form of working backup environment and these backups need to be conducted in line with business rules.  Business rules govern the backup and recovery strategy, and outline how data should be stored and restored, as well as guide the times required for a restore to take place and more.

 

A full disaster recovery environment is obviously preferable for mission critical databases, as when disaster happens the environment can simply be ‘switched over’ with minimum downtime and disruption. The disaster recovery environment should be in sync with the production environment and should also be regularly tested. If a disaster recovery environment is not in place, backups need to be stored in a minimum of three separate locations to ensure that at least one recovery copy is available for restore.

 

Regardless of the recovery method, the processes involved must be clearly documented.  Listing the order of procedures, steps that need to be taken, the required turnaround times and who is responsible to ensure that all functions are fulfilled is essential. All parties involved should clearly understand their role. The failover processes must be regularly tested to ensure that when a disaster happens, these processes are seamless.  When testing, the failover processes should also generate a log to establish which ones are successful and which ones are not, allowing for the appropriate person to remedy.

Checklist Item #2: Address database security

Building security into the database is important, both from a physical and data perspective. This is addressed in various legislations including Sarbanes Oxley (SoX) and the King III guidelines to mention a few, making database security a compliance requirement. The requirement for database security is also extended to any backup copies of data and disaster recovery environments.

 

Physical security such as access control, intrusion prevention and detection, fire detection and suppression will help to prevent unauthorised persons from accessing the physical storage areas and minimise the impact of disasters such as fire. Data security must also be implemented to prevent unauthorised data access and theft from the corporate network.  This is critical given the rise in cybercrime. It is also important to ensure that the database itself and all backups receive the same protection levels. Without IT security, data can be lost, corrupted or more frequently in today’s world, stolen for sinister purposes. Data must be protected to prevent business downtime, which results in loss of revenue and reputation.

Checklist Item #3: Database administration

Whether you use an internal Database Administrator (DBA) or the services of an outsource provider, it is vital to be 100% comfortable with the DBA and the levels of support that are delivered.  The DBA has access to all company data and therefore must be highly trustworthy.

 

The service levels delivered must also be checked, as bad service both in-house and outsourced can negatively impact database downtime and cost the business. This can be addressed in a solid Service Level Agreement (SLA) and Operations Level Agreement (OLA). However, the DBA or outsource provider should maintain the backup strategy, the frequency of testing processes, the documentation and availability of this documentation as well as all planned failover testing. If these services are not being delivered, an organisation should question the value that the DBA is delivering.

Checklist Item #4: Check your SLAs

SLAs must fit the requirements of the business and should support disaster recovery and restore goals. The infrastructure of the database and recovery environment needs to allow for either a full disaster recovery failover to take place or regular backups which require, amongst other things, enough disk space. SLAs must factor this in and meet the specific disaster recovery needs of the organisation.

 

For example, an online e-Commerce store cannot afford to have any downtime due to the nature of their 24x7x365 business. Therefore, their SLA should include service levels that ensure maximum uptime and fast restore times with disaster recovery. Other businesses, such as a legal firm, may need to have their data restored within a few hours, or a day. This type of business won’t collapse if the data restore is completed within 24 or even 48 hours.  Therefore, the SLA must accommodate these factors and should also be in line with the disaster recovery strategy supported by the business rules and processes. If SLAs do not fall in line with business requirements, they need to be reassessed. However, it is also important to bear in mind that 99.999% uptime and fast recovery comes at a price. The balance of expense, functionality and best possible service levels to meet the business’ needs must be considered when defining an SLA.

 

In addition, the SLA should incorporate regular testing of the disaster recovery plan to ensure that it works, eliminating much frustration in the event of failure. 

Conclusion

Ultimately any disaster recovery solution minimises downtime.  Downtime costs money and this is often more expensive than the implementation of a full disaster recovery environment. If this is not possible, having a strategy in place is critical to ensure that processes are followed. Maintaining a stable database environment is equally important for business continuity.  A checklist that covers these aspects of database backup and recovery will help to mitigate risk, minimise downtime and ensure businesses are up and running in the shortest possible time in the event of a disaster.

Outsourcing has become an increasingly popular option for businesses as the current economic climate continues to put pressure on spend, driving cost cutting initiatives within companies, particularly in the Information Technology (IT) sector. However, outsourcing can deliver value beyond cost savings, further improving service levels and driving greater efficiencies.  It also minimises downtime and improves profitability as a result. Getting full value out of your outsource contract can, however, prove challenging. An outsource contract needs to be carefully controlled to ensure it continues to deliver the expected service levels and benefits.

 

In order to get the most out of your IT outsource contract, there are six core ‘tips’ or best practices that clients should ensure outsource service providers subscribe to. By following these six top tips, organisations will obtain the best possible balance of service and cost.

Top tip #1: Define SLAs and OLAs

A service level agreement (SLA) is the foundation of any outsource contract and provides the standard for expected service levels. This must be agreed on between both the outsourcer and client and once established, will outline the requirements such as time-to-respond and mean-time-to-repair. A thorough investigation is required to determine the type of service levels that are required for the client’s business. It is also important to link the SLA to an Operations Level Agreements (OLA), which is an extension of the SLA, by determining and outlining how the SLA is executed. These two agreements provide the benchmark for measurement and management of the outsource contract.

Top tip #2: Communication – a two way street

Communication is an important component of a successful outsource contract and should be a ‘two way street’ whereby feedback is given from both the outsource provider and the client. The communication should also involve all parties including the client, consultants on all levels (from Junior to Principal) as well as the management team. Discussions around health checks and regular updates between the client and outsource provider will assist to identify issues or problems proactively and resolve them quickly. Equally important, communication allows the client to manage the SLA and OLA, ensuring standards and service levels are maintained and delivered according to expectations. 

 

If communication is not clear and well structured from all sides, issues and problems may ‘slip through the cracks’ and impact the business. This in turn will impact service delivery which may fall below expected levels, resulting in poor outcomes.

Top tip #3: Appropriate skills levels

It is vital for the outsource consultant to have the appropriate skills when engaging with a client. If consultants are not equipped with the required skills to match the needs of the client, they will not deliver the required services efficiently or effectively. This is especially important in the IT sector where outsourced services may be mission critical to the business.

 

Furthermore, the outsource provider must ensure that consultants are properly and continuously trained on the latest developments within their industry and the services they provide. The outsource service provider should ensure that training forms part of its consultants Key Performance Indicators (KPIs), with regular reviews and planning as well as repercussions if targets are not met.

Top tip #4: Culture fit

Another important area to consider is that of culture fit. Consultants need to align themselves with the culture of the organisation they will be working with to ensure they function optimally in their job. This requires knowledge and research from the outsource provider prior to engagement with the client. It is important to establish values, culture and ethos to ensure the outsourcer ‘fits’ in with this culture.

 

If the culture fit between the client and outsource provider is not aligned, it can lead to poor service delivery. Outsource providers should also be flexible and sensitive around the issue of culture fit and if there is a potential problem, to proactively remedy.

Top tip #5: Measurement of Service

All aspects of the contract including the SLA and OLA should be monitored on a regular basis to ensure the highest levels of overall satisfaction.  If the contract is a large one, meetings should be more frequent.  However, these meetings should be kept brief and to the point.  With regular monitoring, issues can be raised, documented and adequately addressed. It is also important to obtain positive and negative feedback from the client so that the outsource provider has an understanding of what is successful and which areas need to be addressed.  This allows the outsource provider to reward and remunerate consultants that are performing, keeping them motivated.

 

Regular service delivery surveys are also vital, allowing the outsource provider to assess the overall satisfaction of the client and address if lacking.

Top Tip #6: Maintain the management of the contract

One critical error organisations often make with outsourcing is completely relinquishing control in favour of the service provider. This often leads to poor delivery. Maintaining the management of the contract including the SLA and OLA with regular communication from the outsource provider is the final step or best practice to ensure outsourcing delivers full value.

 

Customers who maintain control and incorporate regular communication around this will typically receive higher levels of service and greater value than organisations that don’t.

To end

IT outsourcing is beneficial due to the skills levels required in this field and the shortage of certain specialists. However, when opting to outsource, it is important to look towards best practices that are aligned with industry standards, which will prevent misunderstandings and issues with service levels resulting in a more stable environment. This will also allow companies to make the most of their outsourced services including greater economies of scale, access to skills, cost effective services and improved productivity.

Not only are advisers facing an ever mounting barrage of legal and regulatory requirements, they are also experiencing increasingly assertive clients, ready and willing to lodge complaints with the ombudsman. In this environment, having clear service parameters in the form of a properly drawn up service level agreement has become imperative. 

 

“Complaints occur when there is an expectation gap,” says Richard Rattue, managing director of Compli-Serve, a leading provider of professional compliance support and services to financial professionals. “Being able to deliver to your clients is key to success.”

 

A well prepared Service Level Agreement (SLA) sets out the expectations between the client and the provider, helping define the relationship between the two parties. It is the cornerstone of how the service provider sets and maintains commitments to the client, and is essentially a binding contract. “An SLA incorporates clearly defined undertakings and deliverables thus reducing the chances of disappointing a client,” adds Rattue.

 

Under the FAIS General Code, it’s important to ensure that the relationship with the client is documented to an extent that both parties are aware of their duties and obligations to each other. The SLA is a two-way street and allows the provider to set out what they expect from the client, for example, through disclosure, reading the documentation supplied, or by informing the provider on any change in financial circumstances.

 

A good SLA should address the following key aspects;

• What the provider is promising.
• How the provider will deliver on those promises.
• Service costs 
• How delivery will be measured
• Limitations of use by the consumer of the service
• What happens if the provider fails to deliver as promised
• How the SLA terms may change over time.

 

The challenge for a smaller Financial Service Provider (FSP) is to get the relationship right between what is promised and the FSP’s resources. “An SLA can’t be created in a vacuum and must be designed with the available infrastructure and resources in mind,” says Rattue. Obviously, a relationship exists between what is promised and costs. 

 

Rattue advises using a segmented service model.  Some clients need higher levels of availability and are willing to pay more.  They would have various spheres of service incorporated into the SLA. As the services and offerings of the Financial Services Board change, the SLA may change to reflect the improvement and/or changes. “The SLA should be reviewed every 6 months and updated accordingly, and the customer should be asked to review and approve the changes,” adds Rattue.

 

Segmenting service offerings with different pricing for different service levels benefits both provider and client, in that the provider widens its target market and the customer only pays for what he or she needs.

 

Key performance indicators come into play when assessing how a quality improvement process can be integrated. By tying a problem resolution process to an SLA, improved customer service satisfaction stays a clear objective.

 

“As an SLA links the client requirements to infrastructure requirements, it creates the ability to link service levels to service cost, and as a result profitable pricing can be set.”

 

An SLA sets the standards to which the FSP is committed, and as a result a set of common goals can be managed and measured for both parties.

 

Rattue advises consulting a professional to draft an SLA.

 

“When creating an SLA, one must keep the agreement simple and measurable, set realistic goals and keep penalties limited to serious offences,” Rattue concludes.

 

The cloud is everywhere. And it is the main topic of discussion at IT conferences and trade shows. Nevertheless, a number of business enterprises are still sceptical when it comes to security and availability requirements in cloud environments. Cloud providers are responding to these worries with the zero outage strategy.

 

The seriousness of the matter became evident during CeBIT in March 2012: Facebook suffered a major outage and was unavailable for hours. Millions of users worldwide could not access the social network due to technical problems. Today mobile applications for smartphones and tablets are also at risk.

 

Outages of this magnitude can be very costly. In 2010 the Aberdeen Group surveyed 125 enterprises worldwide and discovered that outages of just a few minutes per year can cost an average of USD 70,000. Surprisingly, only four percent of the businesses surveyed had guaranteed IT availability of 99.999 percent. This should be unsettling, especially since experts claim that one hour of downtime in production costs some USD 60,000, and for an online shop the figure is USD 100,000. Banks are at the top of the list. They can lose up to USD 2.5 million in one hour of downtime.

 

Zero outage is only possible in private clouds

To win the trust of cloud sceptics despite these kinds of worst case scenarios, external data centre operators are striving to implement consistent management of their IT systems based on a zero outage principle. This includes high availability of services which, according to a definition by the Harvard Research Group, means that systems should be running at an availability level of 99.999 percent – that translates into one outage lasting a maximum of five minutes per year. The only exceptions to the principle of "zero outage computing" are agreements made with customers that govern new releases, updates or migrations. But are such high levels of availability realistic, and if so, how can they be achieved and maintained?

 

Those attempting to provide the perfect cloud must be able to discover errors or failures before they arise – and take every technical step possible to prevent them from occurring. What's more, the cause of every possible failure must also be carefully analysed. It should be noted that more outages result from software issues rather than problems in the cloud architecture itself. And there are a number of inherent differences – for example, users should not expect zero outages in the public cloud, which by nature is in the public Internet and susceptible to downtime. The trade-off for that are the many services offered at no charge in the public cloud. You can have almost limitless gigabytes of storage capacity without having to pay for it. However, you will have to do without support services.

 

Multiple security

But things are much different in the private cloud: Using their own individually designed end-to-end network solutions, providers can guarantee high availability if their ICT architectures are based on fault resilience and transparency, with integrated failure prevention functions and constant monitoring of operations and network events. What's more, having intelligent, self-healing software is also essential, enabling automatic rapid recovery in critical situations without any manual intervention so that system users are able to continue working without noticing any kind of interruption.

 

One example of high fault resilience are RAID (Redundant Array of Independent Disks) systems. They automatically mirror identical data in parallel on two or more separated storage media. If one system fails, this has no impact on the availability of the entire environment – because the mirrored systems continue running without interruption. The user is completely unaware of any issues. In addition, RAID configurations have early warning systems, and most of the incidents that occur are automatically corrected without the need for support from a service engineer.

 

However, the so-called SPoF (single point of failure) is especially critical for the overall IT environment. These SPoFs include individual storage, computing or network elements, installed only once in the system, that can completely shut down operations if they fail. Since mirroring these components is relatively expensive and complex, some IT providers do not install mirrored configurations – and that is extremely risky. But with zero outage this risk must also be eliminated. Zero outage also means safeguarding the data centre against a catastrophic failure through the use of a UPS (Uninterruptible Power Supply).

 

If one application fails, however, there will be a processing gap, for example in the form of lost transactions, no matter how fast operations are shifted to an alternate system. The failed system must be able to automatically take action to fill this gap by repeating all of the processing steps that were skipped at a later time, after the shift to the alternate system.

 

Data protection is just as important

The seriousness of the matter and urgency to mitigate the risk of data loss or leakage is evident in the South African market from the requirements for full disaster recovery and fail-over capabilities in solutions. In many cases organisations look to cloud solution providers for an IT business continuity solution. The solution is, however, not in using cloud services for disaster recovery but to source cloud solutions that have disaster recovery capabilities engineered into the solution.  

 

The same awareness and requirement for data protection is seen in the regulatory developments that applicable to sourcing IT services and specific cloud services. The Protection of Personal Information act (POPI) and King III, relevant to the South African market is becoming a major consideration when sourcing IT services and looking for a provider who is compliant with the relevant acts or frameworks. In addition, existing related certification such as ISO 27001 and Sarbanes Oxley (SoX)/ Statement on Auditing Standards 70 (SAS 70) compliance, should be mandatory when considering a cloud service provider who views data protection as critical part of their solution. 

 

Quality needs dedicated employees

Cloud providers must make sure that their employees adhere to the same standards and processes at all locations and even across multiple time zones. Studies indicate that more than 50 percent of all outages are the result of human error. That is why training is being focused on quality management as a basic integral element of company culture. This approach requires a central training plan, globally standardised manuals and comprehensive information provided by top management.

 

Every employee must do everything possible to prevent a potential failure or incident from even happening. And that also means having an understanding of what causes outages. They should act in accordance with the old saying "fire prevention is better than fire fighting." If the worst case should ever occur, employees must not be afraid to admit their mistakes, so that they can avoid making them again in the future. It is also vital to have a centrally organised specialist team that is ready to go into action, finding solutions to problems that arise unexpectedly and implementing these solutions throughout the enterprise. When faced with a serious outage, the shift manager can quickly call the team together to begin the recovery process. Employees working at the affected customer site can follow the action being taken via a communications system.

 

Quality management is an ongoing process ensuring that required knowledge is always systematically updated and expanded. It will never really be possible to guarantee zero outages in cloud processes – not even the best in class can do this – but delivering system availability that goes beyond 99.999 percent can be achieved. Businesses can be sure of this by concluding service level agreements with their service providers.

The fact that more business information is moving into the cloud or that the cloud is being used to store an increasing share of business data is not news. Nor is it news that one of the biggest challenges is ensuring the good quality of that information in line with enterprise norms.
 
One of the challenges that still remains, however, is ensuring good quality information when it resides in off-premise, cloud-based systems.
 
The hurdle has always been that organisations storing information in the cloud have been subject to service level agreements (SLAs) with their service providers that focus on access availability, speed of delivery, data recovery and security, but never on maintenance or watchful and responsible care in accordance with enterprise processes, procedures and practices. The result is that the information can never be fully trusted.
 
Integration and quality concerns, which underscore the difference between trusted or not, require both cloud and on-premise information and content be subject to the same standards. They must endure the same rigours, the same exchange protocols, integration and quality processes, domain-respective business rules and so on, to ensure that all information is uniformly managed in a standardised manner.
 
That may be achieved by mapping data between on-premise systems and those in the cloud and, if so, must be done through a standard, common set of logic and rules that are implemented to govern the information and content. That architecture will result in a compromise in processing and storage performance which is inevitable in any type of exchange and should not constrain the design to the extent that management of unstructured cloud information and content is largely ignored.
 
Another approach is to exchange only the information or content that is required by applications and users for queries or reports. It keeps network traffic and storage requirements to a minimum. Virtualisation and federation technologies can be exploited because they do not physically move all the information or content from their place of origin but rather they reference them and only the requisite bits are actually copied. That offers another enormous advantage: the information and content are left intact at source and managed by the local standards and security.
 
Failure to resolve this issue once a cloud-based architecture is adopted will exacerbate storage and duplication issues that will inflame lack of trust in business systems. Experience shows that when that occurs the speed, flexibility, and accuracy of information supply to business users breaks down with the result that organisations become inflexible, lethargic in the face of rapid market shifts, and spiral into margin depreciation.
 
More companies face the dilemma of which solution they will turn to. In an October 2011 report, IDC VP for storage systems, Richard Villars, stated that companies worldwide spent $3,3 billion on public cloud-based storage in 2010. He projected the compound annual growth rate at 28,9% which put the global spend at $11,7 billion – last year. By comparison, the total spend in 2010 for on-premise storage was around $30 billion, which puts IDC's forecast for cloud-based storage by 2015 ahead at more than $37 billion. Interestingly, IDC's report projects service providers will increase their spend from $3,8 billion in 2010 to $10,9 billion by 2015.
 
So, once the cloud is incorporated into enterprise information strategies, regardless of which option companies choose, many more are facing the challenge, as there will always exist a growing need to expand on existing on-premise information management processes and capacity to accommodate external cloud information and content.

Economic conditions are a very pressing challenge for organisations of all sizes around the world, resulting in squeezed budgets. One such area is IT. As a result, many organisations are turning to outsourcing as a business model, as it offers savings, flexibility, scalability and the ability to access resources on demand rather than having to hire them full time. However, as a result of the unique conditions in South Africa which include a massive skills shortage, and in an effort to further save money, some organisations are turning to temporary staffing solutions to fill critical posts. This can be a costly mistake.

While temporary staffing are often cheaper in the short term than an outsourced provider, and can help to fill gaps in the IT environment, there are certain areas where temps are not the ideal solution, typically mission critical areas such as the database. When it comes to the database, knowing the difference between outsourced and temporary resources and choosing the right one for your business could make all the difference.

In areas such as the database, it is simply not possible to assign a nine to five value for tasks such as database administration. The IT environment does not stop working at five in the evening and over the weekends, like people do, and many organisations do not realise that temporary staff members may not be available after hours. If they are available, they need to be paid after hours rates, which are generally a lot higher than normal rates. In critical areas such as the database, organisations will be left with little choice other than to pay the 'after hours' rates, since the consequences of extended downtime are undesirable. Temporary staff may also call in sick, or even leave the organisation, which means that these staff will have to be replaced – a significant challenge in a skills scarce environment.

An outsourced provider, however, is contracted by a Service Level Agreement (SLA) to deliver a certain level of support, irrespective of the time of day, the day of the week and so on. These providers stake their income and reputation on being able to provide the services organisations need, when they need it, which is a far better option in mission critical environments. Outsourcing also provides a service, as opposed to a staffing solution. This means that even if the usual resource handling an account is unavailable for any reason, the service will still continue as there is a pool of resources for the outsourcer to draw on.

Outsourcers can provide 24/7/365 support for critical IT applications and infrastructure, and their business is built on delivering these services to the highest standards, whereas the loyalty and commitment of temporary staff can be low as they have no incentive otherwise. Furthermore, temporary staff are often not included in company training due to budget pressures. If the employer does not invest in upskilling temporary resources with additional training, there is little opportunity for growth. Their key performance indicators may not necessarily be aligned with those of the business but rather aligned to the temporary contract.

Outsourced resources are highly trained and are exposed to many different environments from which they are able to learn. Their training is kept up to date by the outsourced provider, and certifications are also of the utmost importance, since it is in their best interests to maintain the highest levels of skill. Outsourced providers, through SLAs, will also ensure that the key performance values of the outsourced resources are aligned with the business, since outsourcing at its core is a business service.

When it comes to the IT environment, not all areas are mission critical. Not all aspects of IT require the high levels of service delivered by an outsourced provider. Some areas work well with temporary staff, particularly in areas such as web development where the task at hand is not a 24 hour job. The database is not one of these areas. It is critical to the business and it needs to be secure and maintained. A database administrator must be able to access all of the data contained within a database, which could prove dangerous if this task is handed to someone with no loyalty to the company, as the Wikileaks saga proved.

Database administration requires a trusted, skilled resource who will document processes according to best practice, who has the necessary skills which are kept up to date, and who will be available whenever needed, whether this is after hours, on the weekends or during the course of a normal business day. No single resource will be able to provide this, but an outsourced service provider can.

An organisation would never hire a temporary security guard, as this represents a huge business risk – the guard may not be loyal because he has no job security and he needs to sleep and have days off. Even hiring an additional security guard does not solve this problem, as one guard may get sick, both may leave and so on. Security is not a one person job, it should be a service. The same is applicable to database support, where the modern business is hit hardest if something goes wrong. Business solutions such as outsourced services are critical to keep the database, and the business, up and running optimally at all times.

Applications are core to any modern business, and provide a host of features to enhance productivity, enable competitiveness and deliver supporting business functions. However, if these applications are not optimised, developed and maintained throughout their lifecycle, they will fail to deliver on expected benefits over time. These legacy applications become increasingly less effective and more costly, and are less adaptable to changing business needs and markets. Outsourced Application Management and Modernisation (AMM) is addressing these challenges, ensuring that legacy applications are updated to meet current needs and that existing applications are managed to ensure they continue to provide desired functionality.

A key driver within any organisation is cost savings and among the many benefits that AMM offers, this is a key benefit. Legacy applications can simply be updated, rather than having to 'rip and replace' them, saving capital outlay. AMM also enables applications to rapidly scale according to fluctuating needs and delivers flexibility. The end result of this is a more agile business that is able to respond quickly to market and organisational challenges, increasing competitive advantage and improving bottom line profits along with cost savings.

As the name suggests, one of the most crucial elements of AMM is application management. As part of a comprehensive AMM service, an outsourced provider takes ownership of an organisation's business applications for a specified period of time. This unlocks resources within the organisation to focus on its core business rather than being burdened with this responsibility.

Application management consists of a number of phases, from the analysis of the current environment, planning and preparation which incorporates due diligence, service design and transition planning, transfer of services, and ongoing operations.

Application modernisation is the second aspect of an AMM programme, and aims to provide sustained improvement of the application landscape for the ongoing enablement of the business operations. This process should always take into consideration the organisation's entire business, ICT and service context, to ensure that any modernisation of applications will increase the effectiveness and efficiency of the business as a whole. Modernisation projects should be based on a thorough analysis of potential improvements to efficiency and effectiveness across these three contexts.

Modernising the application landscape is a three-stage process which includes industrialisation, consolidation and finally transformation. Industrialisation focuses on the standardisation of service processes and the sourcing and service delivery model. Consolidation involves not only bringing together the application landscapes but also harmonising the embedded business processes, the related middleware and extensive deployment of virtualisation. Transformation includes the introduction of Software as a Service (SaaS), the transformation of service management architecture to Service Oriented Architecture (SOA) and the transfer of applications to network-centric infrastructures.

Together, these three stages of modernisation deliver multiple benefits. Transferring enterprise applications to cost-effective standardised IT platforms offers considerable potential for improvement, while transforming legacy systems to applications that are based on leading standard software products that reduces operating costs. This process also offers a variety of additional functions designed to standardise simplify and accelerate business processes.

AMM not only enables organisations to reduce their application costs, it also ensures that applications have maximum availability and functionality with limited/minimum interruptions that could cause delays for business. Modernisation, including industrialisation, consolidation and transformation, ensures that applications are more effective and that business processes are simplified thereby increasing efficiency and further reducing operating costs. Access to specialised skills through the use of an outsourced provider also ensures that AMM services are of the highest possible quality, and that solutions can be carefully planned to proactively exploit emerging business opportunities.

While AMM offers significant business benefits, it is important to bear in mind that the AMM service should be governed by a comprehensive standard service catalogue and a set of Service Level Agreements (SLAs). This ensures that service delivery and quality is sustained throughout all phases of application management. As with any outsourced or consultancy offering, the service and pricing model should be tailored towards the individual needs of an organisation. The configuration of the service package should also be adaptable at any time to ensure that outsourced services continue to meet the changing needs of a business in response to shifting markets.

By harnessing AMM, ensuring that applications are managed and updated throughout their lifecycle, organisations can ensure optimal productivity and functionality at all times while benefiting from reduced cost. This in turn improves business agility and provides room for growth, giving businesses the all important edge over their competition.

It is widely acknowledged that ERP solutions deliver significant benefits, including improved productivity and business insight, improved process standardisation, efficiency, and adaptability and reduced risk. However ERP operations are not a core strength for the majority of organisations. In order to leverage the true value from ERP solutions and services, it makes sense to outsource these to a professional provider that understands the intricacies and has the breadth of experience from working with multiple clients that all experience different scenarios and challenges.
Outsourced application operations for ERP solutions enable organisations to gain access to high quality ERP services tailored to their business requirements, as well as access to a pool of specialist skills and resources to draw on when necessary. This also ensures that organisations are always up to date with the latest technology, and provides greater flexibility with regard to cost structures.
ERP environments can be enormously complex to run, entailing much more than simply provision of infrastructure. These environments consist of several layers, from infrastructure to basic operations, products and provisioning to application management services and system integration services. This often requires additional services to ensure smooth operations and consistent service provision. ERP application operations can enable organisations to outsource any or all of these layers to ensure they are getting the most out of their ERP solution.
An outsourced ERP solution should always include as a first step a governance model, which clearly defines touch points between the customer and the outsource provider. Services should be ITIL compliant, and all processes and procedures should be underpinned by best practice methodology. Once this is in place, the various layers of an ERP environment can be considered in a modular or holistic approach depending on requirements.
Underlying ICT infrastructure should be run on an open, industry standard platform that supports all operating systems. This infrastructure includes all aspects of ICT, from fire protection systems and backup power generators to air conditioning, racks, servers and processors. Network services, desktop services, mobile device integration, storage on demand services and firewall services should also be included to ensure that a comprehensive infrastructure-centric solution is offered.
Operations consist of all computing activities carried out in conjunction with the provisioning and operation of an ERP environment. These include IT infrastructure service such as consulting, configuration, installation, start-up and monitoring. Key tasks that can be outsourced here include hosting, storage and database management as well as ERP services. By outsourcing these aspects organisations can gain access to highly trained specialists who will be responsible for monitoring, reporting, adherence to Service Level Agreements (SLAs) and provision of second and third level support.
The ERP applications layer is one which is quite commonly outsourced, both in terms of technical infrastructure and software, with a view to cutting costs and enabling organisations to focus on their core business. Application operations provide organisations with the ability to become more flexible and agile with their ERP applications in regard to changing requirements. Outsourcing this service enables organisations to leverage the specialist skills required to modify applications to meet dynamic business conditions. These skills are often too expensive to maintain in-house, as application modification is not often a full-time requirement and is not a core business function for most organisations.
On top of these layers it is also possible to outsource application management and modernisation (AMM) and system integration services, which include application development, upgrading, maintenance and modernisation of existing applications. Consulting services are another commonly outsourced area, helping organisations to optimise their ERP operations and system configurations and update landscapes.
ERP, as with all ICT services, should be fully scalable in line with the dynamic and constantly changing modern business environment. This makes outsourcing an attractive option, as this model ensures that services and resources are supplied on demand, offering greater flexibility and value for money.
From a financial perspective, outsourced ERP applications operations have the potential to save organisations money on a sustained basis, turning CAPEX into OPEX and reducing the financial risk that is often associated with operating an ERP environment. Added to this the complexity of the ERP environment and the need for performance, security, transparency and cost-effectiveness, and the argument for outsourcing to a skilled and experienced partner is a compelling one.