PLM Openness and Vendor Risk Management

By Meikeleopold

Have you been following the discussion around PLM Openness? If not, please refer to the article Open words – ProSTEP-iViP Symposium in the BMW Welt, Munich as a starter. 

The work on this topic focuses on two action fields:

  • Technical (API granularity and lifecycle, standard support, documentation…)
  • Business & Legal (partnership model, roadmap commitments, cost for toolkits etc.)

I found this second field especially interesting, probably because two vendors such as Dassault and Siemens PLM are perceived very differently in terms of PLM openness, although they have a lot in common on the technical level.

Enter VRM

IT Vendor Risk Management is an element of enterprise and IT risk management. The purpose is to assess and manage risks related to IT suppliers. Such risk monitoring is mandatory in some industries, e.g. when dealing with personal data (BDSG in Germany), payment card or healthcare information.

A comprehensive VRM approach is based on a rating framework with criteria such as financial performance, staff turnover, customer turnover, product failures, strategy changes or market entry of new competitors. A good question to ask: Would my bank extend credit or invest in the vendor?

Such an approach can be supported with a VRM solution. These applications come as part of a larger enterprise risk management suite or as stand-alone solutions, typically SaaS.

Bringing it together

As technology risk management consultant Joel Lanz points out: "a good contract is the foundation to successfully managing IT vendor risk". This contract should document all expectations. An extract in plain English should be provided to the team so that everyone knows the rules. A clause defining the "right to audit" supports the monitoring of important contract elements.

What is your experience with VRM for PLM vendors?

(cross-posted from my other blog)