Medium recently posted an article from ArmourZero, a cyber-security platform provider^*, on IT Procurement Etiquette for User and Vendor, which I guess goes to show the lack of knowledge on how to buy among some organizations. It doesn’t go nearly far enough on what S2P buyers need to know, but it does provide basics we can build on.

The advice it provides for a user are:

1. Do Your Homework (Create a Proper SoW): take the time to provide a proper Scope of Work (and don’t just take a vendor’s sample SoW, edit it slightly, and send it out, especially to the vendor you took it from)
2. Professional: be neutral and don’t favour any specific vendor
3. Transparent: be clear about the process, and if all bids exceed the budget and a reduced bid is required, be clear about the reason for going back and any modifications to the SoW to allow vendors to be within a budget range
4. Fair: stick to the rules; not even incumbents get to submit late; if you have a minimum number of bids in by the deadline, you work with those; you weight on the same scales; etc.
5. No Personal Interest: don’t accept gifts; don’t vote on the bid where you have a relationship; etc.

However, in our space, you have to start with:

• Do Your Tech Market Research: make sure you understand the different types of solutions in the market, what the baselines are, and what the standard terminology is (sourcing != procurement)
• Do Your Deep Dive Tech Market Research: once you figure out the major area, figure out the right sub area — a Strategic Sourcing Solution is not a Strategic Sourcing Solution is not a Strategic Sourcing Solution; a CLM (Contract Lifecycle Management) is not a CLM is not a CLM; and an SXM is definitely not an SXM which is definitely not an SXM; in the case of Strategic Sourcing, do you mean RFX? e-Auction? or optimization-backed sourcing? in the case of CLM, do you mean Negotiation, Analysis, or Governance? in the third case, which element(s) of the CORNED QUIP mash are you looking for: compliance? orchestration? relationship? network? enablement? discovery? quality? uncertainty? information? performance? No vendor does more than half of these, and those vendors will only do a couple of areas really deep and more-or-less fake the rest!
• Write a Process and Results Oriented RFP (& SoW): it’s not features or functions (beyond the foundational functions all applications in the class need to support) it’s the processes you need to support, the systems you need to integrate with, and the results you need to get — let the vendors describe how they will solve them, not just check meaningless yes/no boxes … they might have a more efficient way to support your process, a faster way to get results, etc.; the same goes for any implementations, integrations, services, etc. — make sure it focusses on what you need to accomplish, not meaningless check-the-box exercises
• Do Your Due Diligence Vendor Research: once you have figured out the solutions you need and the primary capabilities you are looking for, make sure the vendors you invite not only offer the type of solution, but have (most of) the foundations of the capabilities you are looking for; use analyst firms, maps, tech matches, and expert analyst consultants to build your short-list of mandarin to tangerine to orange vendors vs random google searches that, if you are lucky, will give you apples to oranges, and if you are not, will give you rutabagas to oranges to tofu vendor matches

Then apply the rest of the advice in the linked article by ArmourZero.

You’ll have better success in your RFP, negotiations, and your implementation if you do all of your homework first, even though it is a lot more extensive than you want it to be. (But remember, there are expert analyst consultants who can help you. No one says you can’t hire an expert tutor! And the reality is that you should spend five figures before making a six to seven figure investment (as there will be implementation, integration, and support costs on top of that six-plus license fee), and maybe even do a six-figure deep dive process and technical maturity assessment, market scan, and custom RFP/SoW generation project with an expert analyst consultant before signing a recurring [high] seven figure suite deal.

^* A CyberSecurity firm is the last vendor you’d expect to be authoring such a post (given the massive increase in CyberAttacks since 2019), but I guess it shows just how bad buying can be if they felt the need to write on this vs. a SaaS Management Vendor