What is IT vendor management?

There are many ways to define IT vendor management, and sometimes it even refers to a specific office or staff role. However, for the purpose of the higher education community and this framework, IT vendor management is considered to be a coordinated set of activities that an institution uses to form and manage its relationships with vendors and their products. These activities typically require a collaboration between IT professionals, procurement professionals, and leadership.


Why do we care?

Institutions have noted an increase in both the number of IT vendors and the level of complexity of the partnerships (e.g introduction of AI into platforms). The rise of Software-as-a-Service products, digital transformation of business processes, and the ever-changing regulatory landscape, require careful contracting and monitoring. Vendor management practices need to mature to manage these complex and critical relationships, which often requires a discussion with stakeholders outside of the traditional IT role.


What is the framework?

The Community Framework for Vendor Management is a catalog of activities that enable IT vendor management.  This Framework was compiled by an Internet2 working group comprised of procurement, legal, and IT professionals from a variety of public and private institutions. Recognizing that institutions of higher education are organized differently, this framework is not prescriptive or all-encompassing, but created to serve as a resource. 

The activities are segmented into three broad work areas, or pillars, that are typically found within higher education: operational IT, procurement management, and IT strategy.

  • Procurement activities are generally performed by an institution’s procurement office.
  • Operational IT activities can be performed by a Vendor Management Office or IT leadership, but are most often performed by IT Staff - business owners, process owners, system administrators, service owners, IT managers, software asset managers, IT contract managers, information security professionals, compliance staff, etc.
  • IT Strategy activities are generally performed by IT Leadership, CIO’s, CTO’s, and directors, but could also be dispersed among high level operational IT staff, IT procurement, or even development (for scholarships, licensing arrangements, etc) depending on the organization and available resources. 

The Framework has also been segmented into the different work phases of the vendor or contract lifecycle: foundational, executional, and relationship lifecycle.

  • Foundational activities represent the baseline internal framework needed to support vendor relationships including roles and responsibilities and policies.
  • Executional activities occur on a day-to-day basis when working with the technology or the vendor relationship.
  • Relationship Lifecycle activities are forward thinking and consider the future of the institution’s business needs, the future of the vendor functionality, and changes in the market or regulatory environment.


Who is this for?

Information Technology and Procurement professionals. 

Recognizing the high variability in size and complexity of institutions, as well as their level of maturity with vendor management, this framework provides information and ideas without prescribing a solution. Any institution can review the framework and select activities to implement and strengthen their ability to manage IT vendors.   

Documents and Resources 


Community Discussion  

“We do not do vendor management.”

Are you sure?  Many IT Staff don’t recognize when vendor management activities are being done. 

    • Check out the “foundational” section of each pillar. It’s likely that your institution has established some of the items listed and/or has staff in place to perform these activities. 
    • Check out the tasks in the “executional” section of each pillar. These activities are so frequently performed that you may not even recognize these as vendor management activities. 
    • Check out the tasks in the “relationship lifecycle” section of each pillar.   This is the area where most institutions have opportunity for growth. 


“Our Procurement Office does all of our vendor management.”

Do they?  Procurement plays a significant role, but other staff are required for successful vendor management. 

    • Vendor management is not siloed to one area. The framework white board is color coded to show that certain tasks could be performed in the pillar where it is listed but could also be done by staff in a different area.  
    • The framework highlights overlapping tasks in the foundational, executional, and relationship lifecycle sections, indicating how other universities have organized and worked cross-functionally between the operational, procurement, and strategic silos to manage vendors. 
    • Overlapping tasks also show that if one pillar cannot take on the responsibility of a certain activity, it could be taken on by other staff to ensure quality vendor management. 


“No way do I have the staff for this!”

We feel your pain! Try not to get overwhelmed by the whole framework, your institution may already be doing a majority of the activities.

    • Look at the “foundational” level and identify activities that are already being done by someone in either IT Operations, Procurement, or IT Strategy. 
    • Talk with others at your institution who are involved in vendor management or undertake vendor management related tasks. Are there activities and processes that are currently informal and siloed? 
    • In some institutions, the operational and strategic pillars may be “hats” worn by the same individual. This framework can still be used to identify and execute key activities.
    • In some institutions, the “Procurement” pillar may be split between a Procurement office and an IT contracting professional. In those cases, it may be helpful to clarify roles and responsibilities between those two people or groups.


“We want to create a dedicated Vendor Management Office / Group” 

Cool! Your institution is probably very familiar with the activities listed in the framework and has buy-in, coordination, and collaboration between the operational, procurement, and strategic staff. 

    • The strategic pillar of the framework can be referenced to help you create governance and establish roles and responsibilities of new staff. 
    • You could use any portion of the framework  to populate job descriptions for newly created roles.
    • The Vendor Management Office / Group could be a new department or it could be a virtual, cross-disciplinary working group. 
    • Understanding the framework and how the overlapping activities work could help you determine what internal relationships need to be established or strengthened to manage IT vendors. 


“I’m ready to start! Wait, where do I start?”

You may have already started!  

    • The first step is often to establish roles, responsibilities, and lines of communication between IT Operations, Procurement, and IT Strategy. 
    • Another frequent starting place is to develop an inventory, assessment, and intelligence of existing technology vendors and business needs.

If you haven’t done those things, start building those relationships and create an inventory of your technologies. If you already have those in place, now you can:

  • Review the framework to identify gaps at your institution.
  • Talk with others at your institution who are involved in vendor management to get their perspective on pain points, and jointly prioritize which activities need to be implemented. 
  • Consider trying out new vendor management processes with new contracts, or with vendor relationships that need particular attention now. Don’t try to implement enhanced practices with every vendor all at once!
  • Review the community resources for ideas, templates, and other resources that you can reference to create your own documents that will help manage your vendors. 
  • No labels