A customer ordering an information system may be stuck with a particular vendor’s technology, which may limit the possibilities of using the technology, solution or service they have purchased with other operators besides the original vendor. Vendor dependence is not always a negative issue, however. There are also ways of avoiding it.
Author
Matti Vedenkannas
Principal Legislative Adviser, LL.D., trained on the bench
Audit
Vendor dependence means being stuck with a specific vendor’s technology, which is often referred to as ‘vendor lock-in’. This limits the customer’s possibilities of using the technology, solution or service they have purchased with other operators besides the original vendor.
Legal vendor dependence is the result of contract provisions, such as intellectual property rights retained by the vendor. Vendor lock-in may also be due to technical or financial reasons that make the information system incompatible with other vendors’ systems, or the cost of breaking away from the old vendor is high.
The National Audit Office examined this issue in a recently published audit titled Legacy information systems.
Vendor dependence may be based on contractual clauses or actual dependence
Legacy systems often make the customer dependent on the vendor. Under old contracts, intellectual property rights may be distributed in ways that are unfavourable to the customer. For example, the vendor may only be obligated to hand over the source code of the system to the customer once the maintenance contract expires. In practice, such contractual clauses may prevent the customer from providing sufficient information to tenderers, which makes putting services related to the information system out to tender difficult. Such unfavourable terms may have been used as, at the turn of the millennium, it was thought that the original vendor would be responsible for the information system contract until the end of its lifecycle.
In legacy systems, vendor dependence may also have technical or financial reasons. A long-standing partnership tends to create a situation in which breaking away from the old vendor is difficult and expensive.
Legacy systems and supplier dependence are often regarded in a negative light. Legacy systems are frequently seen as inflexible, mission-critical information systems with high maintenance costs and limited information security continuity. Vendor dependence, for its part, is usually considered a risk that may incur increasing costs for the customer while restricting competition in the market.
In practice, however, the issue is not quite as black and white as this, and an information system that has been in use for a long time is not necessary a negative thing. A long lifecycle may also indicate successful design and sustained maintenance and development, in other words successful lifecycle management of the system. Similarly, dependence on a single vendor may also be a positive in certain situations. For example, it is possible that an experienced vendor’s familiarity with the processes facilitates system maintenance.
New SaaS services may also cause vendor dependence
Vendor dependence is not a risk exclusively associated with legacy systems. This possibility should also be taken into account when designing new information systems. New contract models may also involve a risk of vendor dependence.
SaaS services (Software as a Service), which have become more common in recent years, are fully controlled by the vendor and may be difficult to break away from. To counterbalance the risk of vendor dependence, SaaS services often also offer the benefits of off-the-shelf solutions. If a solution that meets the customer’s objectives and needs is available on the market, efficiency gains can be obtained from using such services.
Vendor dependence risks can be limited
The customer can actively reduce the risks of vendor dependence. There are many different ways of doing this (good practices) that may be associated with the planning of the procurement, conduct of the competitive tendering process and contractual provisions.
Well-planned enterprise architecture improves the interoperability of systems and reduces the risk of vendor dependence. A multi-sourcing model can also be a way to reduce dependence on a single vendor.
Sometimes the contracting entity may not be able to specify the object of the contract accurately enough to meet their need. In this case, it may be appropriate to use a negotiated procedure or competitive dialogue instead of an open procurement procedure.
Dependence on a single vendor may also result from lack of competition. Excessively stringent technical requirements often limit the number of bids. One way of preventing such situations is an invitation to tender that specifies the contracting entity’s objectives rather than provides a detailed description of the object, which enables tenderers to choose the most suitable implementation method for the object of the procurement. This type of goal-based description of the object of the procurement – which does not tie the vendors’ hands – may not only promote competition but also enable tenderers to offer novel solutions.
The risk of vendor dependence can be reduced through contractual provisions. The clauses concerning intellectual property rights can give the customer the possibility of utilising the system. Implementing the system with open source code is another possibility, which allows the user to familiarise themselves with the source code of the program and modify it for their own purposes. The risk of vendor dependence can also be reduced through contractual provisions on the supplier’s obligation to assist the customer with changing suppliers. This obligation is also set out in the General terms and conditions of government procurements (JIT 2015).
