Ensuring a Successful RFP

At eBRP we have responded to Requests for Information (RFI’s) and Requests for Proposal/Price (RFP’s) for more than a decade. One thing our experience show is that Business Continuity managers have difficulty estimating the time it takes to push BCM software acquisition through their internal processes.

If you are in the market for BCM software (or are simply thinking about it) this advice may help you meet your goals.

Anticipate the Hurdles
  • If you design your RFP by committee, that process will take longer – and result in a complex document with a wide, conflicting set of objectives. It’s been said that a camel is a horse designed by a committee. Too many diverse objectives will make analysis of the vendor responses more difficult – and more time-consuming.
  • Henry Ford once said “If I ask people what they want, they’ll say: faster horses.” Be aware that some stakeholders have a vested interest in maintaining the status quo. They will skew your objectives. Your objectives ought to seek to accomplish more – not just better ways to do the same things you already do today.
  • Every step will take longer than you think (except vendors’ responses to your RFP; they’re obligated to comply with your deadlines). Internal stakeholders have no down-side risk if they miss deadlines.
  • In most cases – BCM is not an organizational priority. Your Procurement, Legal, Information Security and Information Technology stakeholders have bigger fish to fry. They’ll get to you when they have time, and will not be bound by your timeline.
  • If your RFP review process involves a committee, timeline ‘creep’ is inevitable. Every committee member feels compelled to add their opinion. Getting consensus on a final decision will take much longer than you anticipate.
  • If your timeline is predicated on a budget that expires at the end of the year ‘timeline creep’ may jeopardize budget availability.
  • The longer your timeline extends toward year-end, the less likelihood of success. By the 4th quarter organizational priorities may change. Budgets may be reduced. Stakeholder needs may change. The later your decision process extends, the greater the likelihood that your objectives no longer fit changed in priorities.
What you can do to Improve your Odds of Success
  • Use available resources (Forrester, Gartner, etc.) to narrow your initial vendor list to those who have the capabilities you require. Sending RFP’s to every BCM software vendor on the planet just lengthens the analysis process.
  • If you don’t know who can meet your requirements, send out a short, simple Request for Information (RFI) listing only your mandatory requirements. Those who can’t meet them can be excluded from your RFP process.
  • If your budget that must be spent by the end of the calendar year, start your acquisition process at least 9 months in advance.
  •  Have your RFP ready to distribute no later than June 1
  • Narrow your ‘short list’ to no more than 3 vendors by July 30
  • Ask your short-listed vendors for their contracts, agreements and SLA’s when you advise them of their status. You can do a cursory review (just to make sure there are no ‘deal killers’) – and be ready to pass them to Procurement, Legal, Info Security, et al as soon as you’ve made your final selection.
  • If you schedule demonstrations or interviews with the short-listed vendors, plan to do them via WebEx. If you feel face-to-face meetings are important, schedule them with your key decision-makers – not your entire committee. The larger the group, the more difficult it will be to find available time slots. Pick dates and stick to them.
  • Set your hard and fast vendor selection deadline no later than August 30th – and stick to it. Keep in mind that July & August are typical vacation months. Getting consensus from your committee may be a challenge during those months.
  • Leave your stakeholders plenty of time to validate your decision. The closer your relationships with the Procurement, Legal, Info Security, etc., the easier it will be to keep them on track to meet your deadlines.

Good Luck!

Jim Mitchell

Jim Mitchell

A frequent speaker at Business Continuity conferences, many of Jim Mitchell’s blogs can be found elsewhere on eBRP’s website and has published articles in DRJ, Continuity Insights and Continuity Central. Jim has more than 20 years of experience in Business Continuity; if you don’t agree with his opinions – he won’t be surprised.

Related Posts

Insights into creating a successful Disaster Recovery Test – Part 2: Preparation

Insights into creating a successful...

Insights into creating a successful Disaster Recovery exercise – Part 1: Objectives

Insights into creating a successful...

Aligning Cyber Incident Response Planning with Your BC/DR Program

Aligning Cyber Incident Response Pl...

Cyber disruptions – and their impact on both reputations and…
What Can You Do when your BCM software Relationship Falls Apart

What Can You Do when your BCM softw...

“This isn’t working.”  “I’ve changed.”  “I don’t see a future…
Aligning BC/DR to CSIRP Challenges

Aligning BC/DR to CSIRP Challenges

The immediate reaction to a cyber-security incident is the FUD…
Technology Modeling – the eBRP Way

Technology Modeling - the eBRP Way

Definition: Technology modeling is a point-in-time snapshot of an Enterprise’s…
eBIA – The eBRP Way

eBIA - The eBRP Way

Definition: A Business Impact Analysis (BIA) is the cornerstone of…
Threats, Impacts, BCPs

Threats, Impacts, BCPs

Within Business Continuity circles there is ongoing debate about the…
The BCM Challenge: Executive Buy-In

The BCM Challenge: Executive Buy-In

As a Business Continuity Management (BCM) solution provider, the first…
DR Plans – The What, When & Who

DR Plans - The What, When & Who

As a Business Continuity practitioner with more than 20 years…