As I've mentioned before there are a lot of changes taking place where I work. Many of those changes involve us doing things for ourselves that have been done for us in the past. So I've spent a lot of time meeting with vendors lately. As we have gone through the process of meeting with various vendors to either provide a product or service I've been pretty impressed with most of those we have meet with. The FUD has been kept to a minimum (contrary to my post a few months ago) and the meetings have been productive for the most part.
We have to get 3 bids for most of these projects so at times we talk to several vendors and then narrow our list to the top 3 or 4 to actually invite to submit a bid. We did just this with one service that we needed and a couple of weeks ago I sent an RFP to the 3 selected vendors. Then early last week I received a bid from one of the vendors that had NOT been selected. At first I didn't think much about it because that stuff happens. But then it hit me that the bid included my internal RFP document that I had created and maintained control over. No one else in my company even had a copy of it. I quickly checked my sent items box to make sure that I had not sent it to the wrong vendor and I hadn't. Then I checked my Exchange logs and other audit logs to see if someone else in my company got a hold of it and sent it out. No evidence of it anywhere. Next I called the vendor to see where they got the document. The guy I had been dealing with there was out of the country until the end of this week and no one else knew anything.
That leaves only 2 options that I can see (if anyone else sees any others please let me know). Either the email was intercepted after it left my exchange box or one of the 3 chosen vendors shared it with this other company. The first I can live with (like it or not). The second does not sit will with me. Well I sent the vendors a letter outlining the situation and asking for them to do an internal investigation. Two of them have called back very concerned and with unequivocal denials that it happened by anyone within their company. No response from the third. Are they still investigating or is their silence convicting them?
I doubt that it came from anyone of the actual sales people or their trusted group that helps them put together a proposal, but maybe someone a little farther down the food chain who stands to make a few bucks from a "friend" if the other company actually gets the contract. Who knows. I do know that the 4th company is still not in the running. Their price was much lower, but I think that I would be getting what I paid for and that is not what I need.
If anyone has any thoughts on this or if something similar has happened to you please write me and let me know. This is a first for me and I'd love to know how others handled it.
Security's Everyman
Wednesday, November 08, 2006
Vendor Selection
Posted by Andy, ITGuy at 6:37 AM
Labels: FUD, information security, IT projects
Subscribe to:
Post Comments (Atom)
2 comments:
It is possible one of your three vendors needed to pass on the bid or knew they would not win it. Likewise, perhaps they think they stand a chance to look better compared to this fourth party? Why go to a party and compete with unknown other guys for the attention of the girlies, when you can bring a few of your ugly friends and look better for it?
Loner, You are right in context, but the 4th bid was much lower than any of the other quotes. Almost half what the others quoted. But it was a "get what you pay for" company.
Post a Comment