123 Basics of Defining Information System Acquisition Strategies Dr. Jennifer Carter, July 2016 M. Burke and K. Hogan, editors Acquisition Strateg

123 Basics of Defining Information System Acquisition Strategies

Dr. Jennifer Carter, July 2016

M. Burke and K. Hogan, editors

Acquisition Strateg

Click here to Order a Custom answer to this Question from our writers. It’s fast and plagiarism-free.

Basics of Defining Information System Acquisition Strategies

Dr. Jennifer Carter, July 2016

M. Burke and K. Hogan, editors

Acquisition Strategy Overview

Acquisition refers to the procurement of products and/or services to meet a business requirement. In addition to directly purchasing a product, acquisitions often include contracting for engineering or management services to support in-house development, customization, or integration. Acquisition of information systems can be complex. The system scope typically includes software, hardware, services, data, and processes. Some of this scope will be newly acquired but some may also be leveraged as part of the existing infrastructure. For this reason, an information system acquisition may be a single comprehensive contract or a set of contracts for products and services that are managed together to obtain an information system.

Not all acquisitions are for new systems. The scope for an information systems acquisition could also be focused on the operation, data management, modernization, information assurance, or maintenance of an existing system. Information systems acquisitions are further complicated by the fact that the buyer is not always the end user. Often the Chief Information Office or Information Technology Department is responsible for the information system acquisition intended to provide services for an entire organization comprised of their customers. This perspective adds complexity because of the need to establish long term customer support, often with varied responsibility and accountability for customer satisfaction.

There are three major decision areas required to define an effective IS/IT acquisition approach:

1) What are you going to buy?

a) Will it be bought as a product or service?

b) Will it be commercial off-the-shelf or custom?

c) Who will be responsible for development, customization, integration and/or sustainment?

2) What infrastructure will you leverage or include?

a) Where will the system be hosted?

b) How will connectivity be made available?

c) How will security be handled?

d) How will business continuity requirements be handled?

e) What are the data management considerations?

3) What contract options will provide the best outcome (cost and performance) over the life cycle?

Each one of these has its own set of alternatives and criteria for consideration to determine the strategy that best meets the requirements.

1) What are you going to buy?

This section provides the basic questions that need to be answered in order to determine the scope of what will be bought. While these decisions are related and have similar pros/cons, the separation into multiple perspectives helps add clarity to the decision process. Often the decisions for complex acquisitions require hybrid approaches or a modular approach where the solution is comprised of multiple capabilities acquired in different ways. For these cases, the strategy would provide an acquisition overview, describe the modular aspects, define the different approaches and finish with a summary of how they combine to satisfy the requirements.

There are three aspects to be considered:

a) Will it be bought as a product or service?

b) Will it be commercial off-the-shelf or custom?

c) Who will be responsible for development, customization, integration and/or sustainment?

a) Will it be bought as a product or service?


Buying a product refers to the purchase of hardware, software, or a system that is delivered and then owned (or possibly leased, as in the case of licensed software) by the customer.


– Ability to configure as needed

– Ability to control system operation

– Ability to integrate into the local secure environment

– Leverages existing infrastructure

– Can be customized as a unique instance


– Initial investment costs

– Typically requires more time than a service for setup and configuration prior to availability

– Lack of flexibility to move to a new solution based on investment costs

– Scalability may be limited

– Requires product maintenance


Many requirements for information systems can be satisfied by purchasing a capability as a service instead of the traditional approach of buying hardware/software and establishing your own service. Examples include public enterprise service offerings such as e-mail, web conferencing, chat, storage, and business software. Many of these are bundled into integrated service packages such as Office 365. Service contracts are set up with defined performance levels. These service level targets ensure that the service will meet customer needs and include the service levels for customer support. Typical service level measures include availability and response times. The market research should provide information on the availability and types of service offerings and products available to meet the requirement.


– Low capital or up-front investment costs

– Puts the burden of operations, maintenance and infrastructure on the provider/contractor

– Typically more scalable for dynamic number of users

– Depending on the contract terms for use of service, this option typically provides more flexibility for changing to a new service offering in the future, i.e. less lock-in to a particular solution

– Focus organization’s activities/people on core mission versus IS/IT services


– Dependent on provider service performance

– Limited or no ability to make changes to the service

– Limited information and control for resolution of potentially high impact of service interruptions

– Security is dependent on the provider infrastructure and environment, typically shared with other customers

– Dependent on network access

b) Will it be commercial off-the-shelf or custom?

Commercial off-the-shelf

These are products and/or services that have already been developed and can be demonstrated. Generally, they will be in use by other organizations. The customer organization obtains the off-the-shelf product as-is and usually has little limited ability to customize it to the organization’s particular needs.


– Larger user base enables economies of scale

– Upgrades and maintenance can be purchased with the product

– Least time to delivered product, no development time

– Proven performance and reliability


– Requires some compromise on the requirements for a “best fit”

– May lock customer into a particular vendor for a period of time

– May or may not be able to leverage/integrate existing infrastructure or align with planned architecture

– Limited ability to influence new features or upgrades


This category refers to solutions specifically designed to meet a set of specified requirements. It generally requires the system to be designed and developed “from the ground up” to meet the requirements. It is then often owned by the organization that paid for its development, and is not shared with other organizations.


– The system fully meets the customer requirements.

– The solution is owned by the organization so there are no data rights or licensing issues

– Full control of the system

– Ability to make changes to the system to meet dynamic requirements

– Possibly provides a competitive advantage with unique capabilities

– Potential to make revenue from sale of rights to developed code


– Long term maintenance and upgrades are all the responsibility of the organization

– Schedule requires development time

– Typically requires custom integration with architecture or security

– Higher performance risk with an unproven, unique solution

– Typically higher cost to maintain

c) Who will be responsible for development, customization, integration, or sustainment?

The choice here is to use in-house staff or external staff acquired through a contractual arrangement.

In-house staff

Those who develop, customize, integrate and/or maintain the system are employees of the organization.


– Results in local expertise/knowledge about the product or service that enables resolving issues and future enhancements to respond to dynamic requirements

– In-house developers have expertise on the mission and requirements.

– Clear control and accountability for the work and results

– Staff is incentivized directly and has vested interest in outcome


– Typically requires long-term commitment, funding and benefits for staff

– Often IS/IT development is outside the organization core competency, diluting organizational focus

– May require specialized skills not already on staff; typically hiring process is slow. May require staff training which can extend the delivery schedule.

– Requires reallocation of staff after completion of development

External (contractor) staff

These resources are acquired via a contract and are managed by the contractor. The contractor is responsible for hiring, training and employing the resources to perform the job, and has the flexibility to provide specialized staff for short periods, as needed, to complete the project.


– Can leverage specialized expertise for a limited time, just when needed

– No long term commitment to staff and related benefits

– Keeps internal labor focused on core business versus enablers or side projects

– Inherent culture and processes of the provider organization


– Labor rates are typically higher

– Less control over the work and the schedule

– More risk that product/service may not meet needs

– Limited ability to influence performance for external labor

2) What infrastructure will you leverage or include?

This section will narrow down the scope of the procurement by determining what related infrastructure will be part of the acquisition. This includes designating what existing infrastructure will be leveraged, thereby requiring specific standards, interoperability or integration as part of the acquisition. Some of these infrastructure decisions may be defined within the requirements, but in general, the requirements will not specify the solution. Not all of these decisions need to be made ahead of time, but if not, the information on options, architecture, and related constraints would be provided to potential bidders. For most information systems, key infrastructure decisions include computing platform, connectivity, security, continuity of operations, and providing for appropriate management of the data.

a) Where will the system be hosted?

Information systems require a computing platform. In many cases an organization already has an existing computing infrastructure such as a data center or cloud architecture. If there is a mandate to use the common environment, then these constraints should be documented and provided to the potential bidders. If not, then the alternatives should be evaluated to determine what to include as part of the procurement. Specifically, the contract can specify dedicated servers, use of a data center, or cloud computing. The pros and cons of each will be highly dependent on the application, however, the following provides some general considerations for each.

Dedicated servers

If dedicated servers are to be used to host the system, they may already be owned by the organization, or they may be purchased under the same contract along with the system, or they may be separately acquired and provided by the organization to host the system.


– Computing performance is not affected by competing priorities

– Can be located to minimize latency and network access issues for the specific application

– Can be configured and optimized for the specific application

– No constraints on choices of computing platform (servers), operating system, development tools, etc.

– Can be isolated in a secure environment


– Typically higher cost, pay for all server capacity including unused

– Requires staff for system administration

– Need to obtain related supporting infrastructure: power, space, connectivity, and cooling.

– Inefficient for applications with dynamic processing requirements

– Growth in processing requirements requires procurement of new servers impacting scalability and flexibility

– Time consuming to setup new, dedicated computing resources.

– Requires security be established and updated

Data Centers

Data center environments can be provided by the organization, by the contractor, or by a third party. If the organization has its own data center, it may well choose to have the new system run in that data center. The contractor that is providing the system may offer to host the system in its data center. It may also be determined that using a third party data center is most cost effective.


– Less time required to leverage existing infrastructure

– Can take advantage of economies of scale

– Less time required to leverage existing infrastructure

– Typically enables use of existing, more advanced, cybersecurity

– Computing is typically dynamically scalable and virtualized

– Leverage existing compliance standards, certifications, configuration management processes, information assurance updates, etc.


– Shared assets may impact performance

– Access to/from data centers may impact performance

– Possible constraints on computing alternatives such as operating systems, development environments, etc. due to data center architecture, standards, and configuration

– Dynamic scalability dependent on shared architecture

Cloud computing

As in the case of the data center option, the cloud computing environment can be owned by the organization, the contractor, or a third party vendor. If the cloud environment is owned by the organization, it will have pros and cons more aligned to those identified for a data center. The considerations below generally apply to cloud computing environments provided by the contractor or a third party.


– Reduced capital investment cost

– Large economies of scale

– Pay for what is used

– Dynamically scalable

– Improved disaster recovery

– Provides access from anywhere

– Professionally maintained and serviced

– Has potential to improve security


– Constant internet connection required; performance dependent on network

– Corporate data and intellectual property more accessible to others

– Vendor lock-in

– Potentially high cost to shift cloud solutions

– Limited control and flexibility; architecture and standards constraints

b) How will connectivity be made available?

The business case will set the scope and constraints on connectivity. The range of solutions should be narrowed down enough to specify a comprehensive approach that supports expected growth. For example, connectivity alternatives may include internet, community or local network, mobile carrier, and often all of the above. Some connectivity alternatives, such as internet service provider or mobile carrier agreements, may require separate contracts. If buying software as a service, the network is a critical dependency. For cloud services and remote data centers, the network characteristics, such as bandwidth, potentially have a significant impact on performance. In addition, some cloud based services, such as storage, may incur additional network fees for data access.

How will security be handled?

There are multiple approaches to achieve desired levels of information security, to include perimeter defense, identity management, data security (at rest), encryption (data in transit), user access controls, automated monitoring, and defense in depth. When designing an information system, it is important to clearly specify the security requirements and that they enable meeting security objectives without overly driving cost or constraining the commercial solution alternatives. The security approach often impacts the ability to integrate, modify, scale, or upgrade the solution in the future.

d) How will business continuity requirements be handled?

There are multiple approaches for obtaining continuity of business operations. A common approach is to use a smaller scale capability at an alternate location from the primary, either on-site or remote. The requirements need to clearly state any ranges of acceptable recovery times and/or data loss. An acquisition strategy should address whether the solution for continuity will be through the same contract (i.e. dependency on the same provider and contract vehicle) or whether there will be a separate in-house or contracted recovery ability. Using the same contract vehicle adds significant risk in the event that the contractor is not able to perform. If the strategy is for a system backup with a separate provider, then there are potential issues with intellectual property, accountability, additional cost, contract overhead, and clear allocation of responsibility for meeting the performance requirements between parties.

e) What are the data management considerations?

For most information systems, management of the data is fundamental to the system performance. In many cases, such as business and health systems, the data volume is so large that it is a driving force in the system design and overall cost. There are also many cases where the ability to access, view or analyze legacy data is required. The operational use of the data provides the context for acquisition related decisions regarding the analytic environment. For example, systems primarily used for data archiving can utilize low cost, offline storage alternatives, whereas systems that are used for real-time, flexible analysis of business data may require in-memory storage for rapid access. In any case, the data must be adequately protected and available to the owning organization when contracts are terminated.

3) What contract options will provide the best outcome (cost and performance) over the life cycle?

The selection of an appropriate set of contract vehicles is a critical component of the acquisition strategy. Not only is the contract type important, but the number of contracts, the term, and the method to ensure accountability are also critical factors. While a single contract for the entire scope of work provides the simplest contracting approach, it also typically results in higher cost and less flexibility. Since many information systems share common infrastructure components, there may be opportunities to leverage existing contracts for some portion of the acquisition scope. The pros and cons of a longer contract term will be very dependent on the scope of the acquisition. Similarly, the performance measures will be dependent on priorities. The important aspect of performance is to ensure the basic success criteria are defined and measurable so that they can be incorporated into contract incentives, quality assurance planning and source selection.

There are several contract types. The contract types are categorized into fixed price, cost reimbursement, indefinite delivery, and purchase agreement. There is no single right answer for which type of contract is best for a particular information system acquisition. However, there are some general guidelines and principles to consider. One of the major factors to consider is risk. Fixed price contracts shift the risk to the contractor, while cost reimbursable contracts retain more risk within the organization. Other major factors are flexibility and control, both of which are limited for fixed price contracts. Schedule is another major factor, and contract vehicles such as indefinite delivery indefinite quantity or blanket purchase agreements provide opportunities to reduce contracting time through use of existing vehicles. The cost benefit of specific contract types will be dependent on the scope of the procurement and the market pricing trends.

In addition to these formal contracts, there are a variety of single-purpose contractual arrangements available. Telecommunications (e.g., internet and cellular services) may be acquired through a standard service contract offered by the provider to all customers. Hardware may be acquired through a purchase order with a hardware vendor, where the list price is paid and a warranty may be included. Many software-as-a-service vendors offer the use of their software online via a “subscription” at a fixed cost that may vary by number of users, storage used, etc. Cloud service providers may also offer similar subscriptions.

It is not unusual for an acquisition strategy to include several different acquisition approaches for the various components of a system. These may all be “bundled” together so that a single contractor (“integrator”) is responsible for acquiring, coordinating and managing the entire system project. Or, the individual components (hardware, software, and telecommunications) may be separately acquired and integrated and managed by the organization itself. This may result in lower cost, but may increase risk. Acquisition strategy development is about making the tradeoffs outlined throughout this paper and determining the best approach for the organization and the system being acquired.

8/14/2016 1

Place your order now for a similar assignment and have exceptional work written by one of our experts, guaranteeing you an A result.

Need an Essay Written?

This sample is available to anyone. If you want a unique paper order it from one of our professional writers.

Get help with your academic paper right away

Quality & Timely Delivery

Free Editing & Plagiarism Check

Security, Privacy & Confidentiality