#3rd Party Component Management
|Capability Level||Capability Name||Description||Observed Behaviour||Project Scope|
|0||3rd Party Components: Unmanaged||An unknown number of 3rd party components, services and tools are in use.||No clear ownership, budget or roadmap for each service, product or tool.
Notification of impacts are makeshift and motley causing regular interruptions and impacts to productivity.
|Create a list of all 3rd party components in use. Include software components, alongside open source and commercial, off-the-shelf (COTS) tools, services and hardware. Include details of Contract terms, SLA’s, expiry, support details and account contacts.
Assign owners for each 3rd party component function, define the role of the owner as being responsible for the quality of service.
|1||3rd Party Components: Understood||A trusted list of all 3rd party provided services, products and tools is available.||Informed debate of the relative merits of each 3rd party component can now occur.
Outages still cause incidents and upgrades are still a surprise.
|Create a process for reviewing 3rd party components on a regular basis and a process for assessing alternatives.
Record incident data for each outage ensuring the component is clearly listed along with the service impact.
Create organisation-wide calendars showing dates for 3rd party component outages, new releases and fixes.
|2||3rd Party Components: Managed||All 3rd party services, products and tools have a service owner.||Incidents caused by 3rd party services are now escalated to the provider and within the organisation.
There is organisation wide communication about the quality of each service and major milestones such as outages or upgrades are no longer a surprise.
There is no way to fully assess the potential impact of replacing a 3rd party component.
|Create a mechanism for sharing the costs for components among the services that use those components.
Update the 3rd party component list with the list of services that rely on each component.
Enlarge the role of the 3rd party component owner to include the creation and curation of strategic roadmaps for the various services and products.
|3||3rd Party Components: Risk Managed||Strategic roadmaps and budgets are available for all 3rd party services, products and tools.||Curated discussions supported by captured data take place regularly about the performance, capability and quality of each 3rd party service, product and tool. These discussions lead to published conclusions and actions.||3rd party component owners will represent their components in the forum where senior engineers, product managers and service owners discuss budget and engineer allocation.
Initiate a process for building and managing open source projects if replacements for any 3rd party components are to be built in-house.
|4||3rd Party Components: Continuous Improvement||Continuous Improvement||3rd party components will be either active open-source projects that the organisation contributes to or they will be supplied by engaged, responsible and responsive partners||-|