Need for Action (GDPR Risk Mgmt) Oct'16

Progressive Intelligence
Partners in Achievement
USA • UK • INDIA
Private & Confidential
Independent Strategy & Operations Advisory
3rd-Party Service Management Contracts
Managing risks, mitigating exposure, and ensuring value delivery
Operations Risk Management
Responding to General Data Protection Regulations (GDPR)
Need for Action
October 2016

www.piplinc.com
“An ably led, well defined, pragmatic,
measured, and adequately
funded enterprise-wide Data Risk
Management (DRM) program is not
an executive prerogative; it is a tacit
mandate from the shareholders for
the very survival of a business in
today’s data-driven economy.”
GDPR compliance risks worrying you to distraction?
Recently introduced EU data
protection regulations (GDPR) lay out
broad ranging sanctions in case of
compliance failures. Articles 5, 32
and 83 are not just relevant for a
business, but also for its partners up
and down the service delivery chain.
In all likelihood, inadvertent lapse or casualness in setting up adequate data protection provisions
across your business poses high material risk of an adverse impact on its performance*.
* Financial consequences of non-compliance to data privacy regulations for some businesses have already been huge -
"Between 2008 and 2012, the top ten banks globally lost close to $200 billion through litigation, compensation
claims, and operational mishaps." (Nonfinancial risk: A growing challenge for the bank, McKinsey & Co, July 2016)

www.piplinc.com
2016 Data Breaches (US Only)

www.piplinc.com
Makings of a Perfect Storm - Confluence of Factors
Big Data
Volume
Velocity Variety
Veracity
Cloud
Compliance
PrivatePublic
Mobility
Transport
SourcesAccess
Management and
operational complexity,
with gaps in delivery
leading to risk creep
Several vendors working
independently on different
parts of a typical service
delivery chain
Risk
Monitor
RespondStage
Prepare Plan
CurrentUbiquitousRisk
Factors
AddedComplexityRisk
Factors

www.piplinc.com
Mitigating Risk through Service Value Assurance
* The impact of sourcing trends on governance - Prof. dr. Erik Beulen,
University of Tilburg, The Netherlands, Outsource Magazine, Jan 8, 2015
Must demarcate operational
accountability and align liabilities for non-
compliance across the contracts.
Must put in place formal agreements for conflict
resolution, proactively addressing risks through
compliance monitoring and robust governance.
Private/Hybrid
Cloud Services
Must ensure balance between individual vendor
performance and integrated solution delivery.
* Working across a matrix of contracts with unclear or misaligned mutual operating
instructions creates disconnects and ambiguity, resulting in value erosion of investment

www.piplinc.com
Experience, Creativity, Practicality - Trusted Advice
Progressive Intelligence's Trusted Advisory Service Risk
Management & Mitigation…
We offer a holistic approach to governance in multivendor
scenarios, securing tangible incremental value.
We craft multitier T’s & C’s that are perfectly aligned to
clients’ strategic objectives and business risk appetite.
We apply our extensive contract experience, domain
expertise and know-how to identify opportunities.
We focus on performance, cost savings and risk reduction
by converting legal T’s & C’s into operational mandates.
Unbiased - advice focuses solely
on clients’ interests and well-being.
Cross-functional - approach
addresses business, financial,
operational, legal & regulatory risks.
Insightful - quick audit identifies
disconnects and establishes clear
accountability across the full range
of service provision among
vendors.
Value Preserving - “does no
harm”; creates incremental value.
Great governance can manage a bad contract, but a great contract doesn’t guarantee
success - you need good governance for that.
Don Flores, Partner - TPI

www.piplinc.com
The Challenge
Management, control and coordination of service delivery in order to predictably achieve
strategic goals and minimize business risk.
Objectives
UnpredictableRisks
IntegratedService
ManagedRisks
StrongGovernance
Outcomes
Value
Objectives

www.piplinc.com
Target Causal Factors
Strong Governance (aligned contracts)
• Contracts legally sound but operationally weak
• Contract drift - “gaps”, “overlaps”, “conflicts”, “changes”
• Hub & spoke contracting model; SLAs unfit for purpose
Managed Risks (business, financial,
operations, regulatory & legal)
• Incomplete risk scenarios and inadequate monitoring
• Non-specific actions in response to risk events
• Limited mitigation and reactive risk response
Integrated Service (multi-vendor seamless
processes across Public/Pvt infrastructure)
• Helpless dependence on “big” vendors; sub-optimal utilization
• Handicapped by vendors’ standard contracts
• Lack of operational controls; unclear liabilities; termination limits
Problems
Drifting contracts and expectations, evolving regulations, technology innovation, and proliferation
of data - need clear operational accountability for business-as-usual and in handling exceptions.

www.piplinc.com
Target Likely Consequences of Inaction
• Unpredictable personal/business liabilities
• Risk rests with client
• Unexpected costs
• Unmet needs
• Poor performance
• Vendor acrimony
• Unquantified risk exposure
• Uncapped liabilities
• Hidden risk scenarios
• Ad hoc risk response; unpredictable outcomes
• Hostage to fortune; vendors have client over a barrel
• Acceptance of inadequate “norms”
• Disconnected and inflexible contract terms
• Insubstantial basis for litigation as an option
• Excessive cumulative costs; sub-optimal value for money
Concerns
Must ensure security and data protection across a mix of public and private service
environments - need a tight integration of multi-party legal and operational obligations.

www.piplinc.com
Target Recommended Solutions
• Correct, complete & consistent legal and operational T’s & C’s
• Standardized mechanisms and control of contract performance
• Integrated contract governance model
• Comprehensive critical risks inventory
• Structured risk event-mitigation-response framework
• Executable, monitored and controlled risk management
• Revisiting and realigning expectations across contracts
• Restructure and renegotiate T’s & C’s (as necessary)
• Re-engage with vendors
• Effective mapping of legal T’s & C’s into operational actions
Approach
Verify legal robustness is backed by effective operational controls and mechanisms -
each contract needs to be an integral part of a streamlined service delivery.

www.piplinc.com
Target Benefits of Remediation
• Clear accountability and effective risk reduction
• Cost optimization and realized savings
• Address business requirements
• Performance assurance
• Delineation of liabilities
• Pre-emptive risk mitigation
• Rapid risk response model
• Limits on financial exposure
• Regulatory and security compliance
• Service contracts aligned across varied vendors
• Best-of-breed mix of disparate services and vendors
• New vendors can be added seamlessly to the mix
Outcomes
Everyone feels responsible but only designated people are accountable - need assured
performance, minimum predictable risk and highest possible returns.

www.piplinc.com
Summary
Multivendor service contracts are complex to manage and
mutual deliverables can get misaligned. If left unchecked,
diffused accountability introduces unpredictable risks,
escalating costs, and non-performance.
Due diligence to ensure adequacy of the contract matrix,
i.e., commercial flexibility, limits on risks and liabilities,
efficient operations management, and compliance to legal
& regulatory constraints is a critical business imperative.
T‘s & C’s must be streamlined across the contract matrix
and supported by operational controls and mechanisms
for effective execution and service delivery.
Ring-fenced “Cloud” provisions
are operationally isolated from
the other vendors, introducing
the risk of disconnects.
Contracts fragmented across
multiple vendors without
“bridging” conditions, lead to
poor performance and
increased exposure to risks &
liabilities (business & personal).
The most in-elastic service
component will define service,
scale and spend elasticity; it
may not justify the risk of a
heterogeneous environment.
vendor Client
vendor
Drift
DriftDrift

www.piplinc.com
Bottom-Line
Your in-house legal team and attorneys can do a great job managing your legal and
contractual terms & conditions with 3rd-party providers
HOWEVER …
Business risk lies in the disconnects which creep over time and across multiple
suppliers between the legal terms and operations implementation, of which both your
legal and operations team are largely unaware
__________________________________________
Progressive Intelligence has 25+ years of business operations and trusted
advisory experience, which uniquely qualifies us in risk management through
Service Value Assurance.

www.piplinc.com
Pinpointing Your Business Risks…
1. Are your service contracts aligned to support
your business strategy?
2. Could your service contract be legally sound
but operationally weak?
3. Do your service contracts quantify business
goals and identify legal and operational risks for
their potential impact, along with adequate
mitigation mechanisms?
4. Do your service contracts underpin operational
characteristics such as service levels which
actually support your business (as opposed to
ticking boxes).
5. How much flexibility do you have in realigning
your service contracts to changes in your
business drivers or in the regulatory regime?
6. Have you become increasingly dependent on
your vendors to the point where you cannot walk
away?
7. What is the impact of a breakdown in your
relationship with your vendors? Can your
business afford the potential impact of litigation?
8. Do your vendors assure you optimal value for
money? Is it on measured performance criteria?
9. Have your vendors executed to the letter of the
contract but yet, fallen short of “common sense”
expectations and your goals?
10. “To renew or not to renew” - is continuing with a
current vendor and contract a risk to business?
Is this an acceptable risk from commercial,
operational, and legal perspectives?
Do your contracts need an overdue “Health-Check”?

www.piplinc.com
Where do we provide value?
• Progressive intelligence complements the skills of your legal services provider to
address both legal, as well as operational, aspects of 3rd-party service contracts
• We are asked by clients to provide independent advice in the following areas:
1. Contract design
2. Contract audit
3. Contract re-design
4. Dispute avoidance and resolution
5. Operational audit and alignment
6. Operational governance
7. Program investment Decision and Governance

www.piplinc.com
Selected Credentials: Management Consulting & Executive Search
Context: £500M global partnership; £15M systems & operations costs; global VPN & Data Centre
infrastructure provision; system integration
Challenge: Service disconnects (gaps, duplication, conflicts, failure); excessive cost; risk of
regulatory non-compliance
Solution:
• prime contract accountability for end-to-end service delivery
• responsibility for aligning service interfaces to local systems
• 24x7 access to global application platform with failovers
• management of consolidated and streamlined global data repository for regulatory compliance
Result:
• instated joint governance to manage performance and optimize contractual spend
• “infrastructure as a service” (IaaS) contract for elasticity in services, scale, and cost
• streamlined multi-vendor legal and operational T’s & C’s
• vendor compliance to data governance policies
• $2.3M savings

www.piplinc.com
Context: £17B global partnership; £75M network & infrastructure costs; global VPN & Data Centre
infrastructure provision
Challenge: High fixed costs, custom architecture, sub-optimal asset utilization
Solution:
• network provision on a pay-per-use (variable) basis
• global points-of-presence aligned to business needs
• committed throughput for business applications
• fully managed data centre hosting and delivery services
Result:
• instated joint governance to manage performance and optimize contractual spend
• “communications as a service” (CaaS) contract for elasticity in services, scale, and cost
• data centre contract as a combination of services, and virtual and physical hardware assets
• operations and performance monitoring mechanisms
• KPI for capacity allocation and utilization
• $9M savings
Selected Credentials: Global Audit, Tax and Advisory Services

www.piplinc.com
Context: £17B global partnership; “Business Insights” practice area
Challenge: Bespoke data analytics & business intelligence platform on a hybrid public/private
cloud-based infrastructure provision with managed services; selection and systems integration of a
mix of open-source and proprietary software components; total cost of ownership model
Solution:
• stakeholder obligations for cross-functional business requirements
• project services for software development and integration
• re-alignment of existing managed hosting outsource contract
• Additional 3rd-party cloud-based services
Result:
• selection of data analytics & business intelligence platform
• governed enterprise solution (data, information, knowledge)
• infrastructure costs lowered by 40% (relative to a fully managed data center provision)
• competitive 3-year total cost of ownership for a turn-key solution

www.piplinc.com
Context: £4.3B global start-up; systems integration; £1B 10-yr outsource contract for managing
provisioning, billing and customer care processes
Challenge: complex bespoke process flows; 000’M daily CDRs; real-time provisioning & billing;
24x7 customer care; operational interfaces to > 120 fixed-line telcos around the globe; cross-
border data privacy; multi-jurisdictional legal intercepts
Solution:
• standardize master services agreement for operations support
• custom SOWs for integration and data exchange with telcos’
• preserve ITU agreements for access (ingress/egress), interconnect and legal intercept
• platform (provisioning, billing, customer care, and fraud detection) and infrastructure as a service
Result:
• business operations set-up as an independent profit centre
• real-time SLAs for wholesale billing operations
• pragmatic constraints and obligations for state-of-the-art fraud detection
• simplified and clear delineation of liabilities
Selected Credentials: Global Mobile Satellite Telecom Services

www.piplinc.com
Context: 5-year, $600M ITO/BPO services contract
Challenge: Compliance, verification and validation audit to gather irrefutable forensic evidence of
persistent failure by the vendor in delivering to the contract; while maintaining business-as-usual
Solution:
• mediate the dispute with the help of an independent 3rd-party audit committee
• identify significant disconnects in mutual expectations and material failures
• standardized master services agreement for support
• specific statements of work focused at measurably achieving each objective
Result:
• simplified and clearly delineated key client/vendor responsibilities
• instated joint governance to manage performance against a set of shared KPI’s
• avoided disruptive litigation
• reduced ongoing costs by 10% ($12M)
Selected Credentials: Global Travel and Leisure Services

www.piplinc.com
Context: £5B Regional P&L Centre (Europe)
Challenge: Governance framework for service support of a $500M SAP-based CRM/ERP system,
aligning national business units on processes, data, infrastructure, and operations with a center-led
knowledge management function
Solution:
• service lines and SLAs for a SAP Centre of Excellence
• critical operational components, e.g., process integration across service delivery organization and its
strategic suppliers
Result:
• end-to-end service levels supported by back-to-back OLAs along service delivery chain
• resource cost reduction of 30%

www.piplinc.com
Progressive Intelligence
• Progressive Intelligence is a strategy and operations
consultancy for executive and management boards with 3
core practice areas covering:
• Independent Advisory
• Program Governance
• Leadership Development
• We are 18 partners across US and Europe with soild
expertise in business operations, telecoms, IT, and
knowledge and information (Big-Data/BI) management
• Each partner has a minimum of 25 years of experience and
significant past tenures in C-level roles
• We offer a range of operations and IT transformation services
addressing strategy, consolidation, sourcing, risk
management, planning and implementation
Perspicuity and deep domain
knowledge of technical issues;
able to roll-up sleeves and deep-
dive into project activities.
Shipowners’ Protection Ltd.
Very wide and deep
understanding of business
concepts; enthusiasm matched
by knowledge - greatest strength
is an ability to impart knowledge
to others on the team.
TUI Travels, plc.

www.piplinc.com
Advisors’ Biography
Dr. Sanjeev B. Ahuja
Managing Partner
+44 7785 336 497
Sanjeev.Ahuja@piplinc.com
Sanjeev is the Managing Director of Progressive Intelligence, a
business strategy and operations consultancy with offices in the US,
UK and India. He launched its trusted Advisory practice in 2004, to
assist investors and management boards of his clients to address
business transformation challenges.
Over the last 25+ years, Sanjeev has worked and invested across
diverse industry sectors. He serves on the Boards of hi-tech start-
ups and takes on CxO roles to lead large-scale business and
operational transformation programs. Sanjeev also conducts
operations due diligence on behalf of VC and PE firms, assessing
the risk and upside of acquiring under-performing businesses. He is
experienced at post-merger consolidation and roadmaps to re-vector
a business and its value proposition.
He has vast experience and know-how in the telecom sector, having
previously served as CIO and VP Operations for a $4.3B mobile
satellite communications firm.
“Progressive Intelligence is a
management consultancy for SME
and large-sized firms. They are adept
at identifying the critical business
issues - commercially astute and
pragmatic, providing timely and
specific advice that is both objective
and constructive.”
KPMG International

www.piplinc.com
Advisors’ Biography
Grant A. Ross
Senior Partner
+1 303 885 2083
Grant.Ross@piplinc.com
“Progressive Intelligence’s expertise
with early stage and mid-sized
companies, in leadership roles, brings
20+ years of successful business
growth contribution, along with
working-knowledge of risk mitigation,
effective operational processes, and
the ability to enable a company to
realize the value of change.”
THIS TECHNOLOGY, Inc.
Grant is the Senior Partner and Program Governance Consultancy
Head for Progressive Intelligence and manages its US office. He
delivers value through a focused and measurable approach, treating
projects as corporate investments. Portfolio management,
stakeholder communications, and change management are his forte.
Grant has extensive experience working across telecommunications,
software/high-tech, professional services, recruitment, healthcare,
and hospitality sectors, as well as for the US Federal government.
As VP of Professional Services at This Technology, Inc., Grant
defined and led international and domestic sales support activities -
scoping, pricing, proposal participation, meetings, contracting, etc.
The processes and procedures implemented by Grant resulted in a
$6M growth of services revenues & 60% - 65% margin contribution.

To Contact Us

Need for Action (GDPR Risk Mgmt) Oct'16

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (15)

Similar to Need for Action (GDPR Risk Mgmt) Oct'16

Similar to Need for Action (GDPR Risk Mgmt) Oct'16 (20)

More from Dr. Sanjeev B Ahuja

More from Dr. Sanjeev B Ahuja (20)

Recently uploaded

Recently uploaded (20)

Need for Action (GDPR Risk Mgmt) Oct'16