How do you know if your RFP process is an exercise in CYA?
An effective request-for-proposal (RFP) process is designed to bring structure to procurement. Mature organizations use RFPs to learn how various vendors approach a project to maximize value and minimize risk. The process enables better decision-making by allowing benefits and risks to be identified.
Privacy regulations require organizations to conduct due diligence. Information gleaned from vendors during an RFP can certainly be part of due diligence. However, the terms are not synonymous.
A quick Google search for “due diligence” returns references to “cover your ass” (CYA). Due diligence refers to the care taken before entering into an agreement or a transaction with another party.
Often, RFPs are mistakenly considered due diligence. Due diligence must be conducted regardless of an RFP.
The most important part of an RFP is a defining requirements. The first step is completing a needs analysis. Especially for complex and risky projects, tapping vendor expertise when designing the RFP can ensure requirements are sufficient and appropriate.
Once an RFP is underway, a mature RFP process will allow for an organization to revisit original requirements if an unforeseen risk is revealed. When an organization ignores unforeseen risks that come up during the process, the RFP is probably just an RFB (request-for-bid) masquerading as due diligence.
Ensure your RFP is not an ineffectual exercise in CYA. Before you begin your RFP, make sure you are solving the correct problem.
If you are interested in a comprehensive list of requirements to consider when outsourcing ITAD, please contact firstname.lastname@example.org.