Due Diligence in Vendor Selection: Laying the Groundwork for a Strong Relationship

The first installment in this series described the process of evaluating your current vendor relationships to determine which of your concerns are not being met. In this article, we're assuming that either you're in the first phase of vendor consideration or you've made the decision to consider alternate vendors, and will be going through the process of interviewing and choosing new vendors. We’ll present some specific items to include in your due-diligence checklist for choosing vendors appropriately. Unfortunately, there is no one-size-fits-all checklist. Each business will have a slightly different checklist, based on its specific business goals, needs, and expectations. Vendor selection, which is an intricate courtship dance of hopes, expectations, and offers, sets the scene for the subsequent relationship. Every business wants a reliable, low-cost, and scalable solution when seeking vendors. In radiology, many times, the product or solution that we are looking for will play a critical part in our daily workflow. It is preferable that we have a friendly business relationship with the vendor we rely on in those critical times. In the world following the 2008 financial bailout, a key concept that is being revisited is that of categorizing and understanding risk. This includes leveraging for upside risk and protecting against downside risk. The same concept applies to any strategic business venture, such as choosing an important vendor. A good place to start is to ask the two big questions: What do I want/need out of this vendor relationship? What can go wrong, against which I must protect myself?
Amin Holmes Most people and businesses are accustomed to answering the first big question. They are diligent about collecting and analyzing that information. They send out requests for proposals to various vendors, detailing their wish lists of features and benefits that will help them achieve their business objectives. Generally, they think that they can make good decisions about which vendors will help them achieve many of their business objectives. Examples of strategic thinking related to the first big question include comparing/contrasting the features and benefits of the vendor's product or service with those of competitors; understanding the support process offered by the vendor; setting up regular status meetings, updates, and reports (during implementation and afterward) for smooth implementation and postimplementation phases; understanding the relationship between your existing workflow and the vendor's product or service; and understanding expectations for how your company can be a good customer (payment schedules, acting as a reference, and so forth). Those specifically evaluating RIS/PACS vendors may also find it helpful to:

• verify the written processes and procedures of the prospective vendor;
• ask specific questions about staffing (quality assurance, development, support, and similar points);
• require a demo period with live data;
• inquire about release schedules (automatic updates and downtime required);
• ask specific questions about image storage and retrieval (DICOM and disaster recovery); and
• understand the costs associated with data migration.

This traditional approach is an excellent starting point, but it is only a starting point. When you take the second big question as seriously as the first, you'll really shield your business from the potential for miscommunication, unspoken expectations, implementation delays, and project failure. How do you begin to think about what could go wrong? Who can help? The second big question requires someone to imagine the puffy white clouds on the horizon turning into a thunderstorm someday soon. Not everyone is equipped to frame the second big question as it relates to your specific business. You need someone on the team who is comfortable dealing with threats and obligations from a business and/or technical perspective. Sometimes, these people are to be found in the field of risk management or medical image consulting. If you don't have someone on your staff to help you with the second big question, bring in outside help. Some specific areas of consideration are represented by the questions that follow. How can your vendor help you fulfill your legal and compliance requirements? You can delegate tasks, but generally can't abdicate responsibility. Has your vendor been reviewed and certified by a neutral third party (such as an external auditor) to ensure that what it promises about its product is accurate? What is the method for resolving complaints with the vendor? What metrics are agreed upon, and who is responsible for tracking and reporting on those metrics? What if personalities are the source of the breakdown? Sometimes the technology is fine, but the people are difficult. Will the major risks be sufficiently mitigated, both in the contracts and in practice? Major risks include widespread data loss and leakage, natural disasters, and business failures. What is the mechanism for renegotiating contracts if something goes wrong? How do you retrieve your archived data, in the event of separation? Who maintains ownership of hardware and/or software? Once you've figured out how the two big questions relate to your specific business situation, you can narrow down the field of prospective vendors and lay the foundation for a good vendor relationship. Always remember that it is a relationship in which there are two parties, each with ambitions, expectations, and needs. Be clear and honest with yourself about what's important. Gaining internal clarity will put you in a better position to choose the right vendor and build a strong, mutually beneficial business relationship.