10.3 System procurement

The initial phase of systems engineering is system procurement (sometimes called system acquisition). At this stage, decisions are made on the scope of a system that is to be purchased, system budgets and timescales, and the high-level system require- ments. Using this information, further decisions are then made on whether to procure

a system, the type of system required, and the supplier or suppliers of the system. The drivers for these decisions are:

1. The state of other organizational systems If the organization has a mixture of systems that cannot easily communicate or that are expensive to maintain, then procuring a replacement system may lead to significant business benefits.

2. The need to comply with external regulations Increasingly, businesses are regu- lated and have to demonstrate compliance with externally defined regulations (e.g., Sarbanes-Oxley accounting regulations in the United States). This may require the replacement of noncompliant systems or the provision of new sys- tems specifically to monitor compliance.

3. External competition If a business needs to compete more effectively or maintain

a competitive position, investment in new systems that improve the efficiency of

276 Chapter 10 ■ Sociotechnical systems

Off-the-Shelf System Available

Adapt

Assess Existing

Choose System

Define Business Survey Market for Negotiate Requirements

Existing Systems Contract

Select Custom System

Define

Issue Request

Tender Required

Requirements

to Tender

business processes may be advisable. For military systems, the need to improve

Figure 10.6 System procurement processes

capability in the face of new threats is an important reason for procuring new systems.

4. Business reorganization Businesses and other organizations frequently restruc- ture with the intention of improving efficiency and/or customer service. Reorganizations lead to changes in business processes that require new systems support.

5. Available budget The budget available is an obvious factor in determining the scope of new systems that can be procured.

In addition, new government systems are often procured to reflect political changes and political policies. For example, politicians may decide to buy new sur- veillance systems, which they claim will counter terrorism. Buying such systems shows voters that they are taking action. However, such systems are often procured without a cost-benefit analysis, where the benefits that result from different spending options are compared.

Large, complex systems usually consist of a mixture of off-the-shelf and specially built components. One reason why more and more software is included in systems is that it allows more use of existing hardware components, with the software acting as ‘glue’ to make these hardware components work together effectively. The need to develop this ‘glueware’ is one reason why the savings from using off-the-shelf com- ponents are sometimes not as great as anticipated.

Figure 10.6 shows a simplified model of the procurement process for both COTS system components and system components that have to be specially designed and developed. Important points about the process shown in this diagram are:

1. Off-the-shelf components do not usually match requirements exactly, unless the requirements have been written with these components in mind. Therefore, choosing a system means that you have to find the closest match between the system requirements and the facilities offered by off-the-shelf systems. You may then have to modify the requirements. This can have knock-on effects on other subsystems.

10.3 ■ System procurement 277

2. When a system is to be built specially, the specification of requirements is part of the contract for the system being acquired. It is therefore a legal as well as a technical document.

3. After a contractor has been selected, to build a system, there is a contract nego- tiation period where you may have to negotiate further changes to the require- ments and discuss issues such as the cost of changes to the system. Similarly, once a COTS system has been selected, you may negotiate with the supplier on costs, licence conditions, possible changes to the system, etc.

The software and hardware in sociotechnical systems are usually developed by

a different organization (the supplier) from the organization that is procuring the overall sociotechnical system. The reason for this is that the customer’s business is rarely software development so its employees do not have the skills needed to develop the systems themselves. In fact, very few companies have the capabilities to design, manufacture, and test all the components of a large, complex sociotech- nical system.

Consequently, the system supplier, who is usually called the principal contractor, often contracts out the development of different subsystems to a number of subcon- tractors. For large systems, such as air traffic control systems, a group of suppliers may form a consortium to bid for the contract. The consortium should include all of the capabilities required for this type of system. This includes computer hardware suppliers, software developers, peripheral suppliers, and suppliers of specialist equipment such as radar systems.

The procurer deals with the contractor rather than the subcontractors so that there is a single procurer/supplier interface. The subcontractors design and build parts of the system to a specification that is produced by the principal contractor. Once com- pleted, the principal contractor integrates these different components and delivers them to the customer. Depending on the contract, the procurer may allow the princi- pal contractor a free choice of subcontractors or may require the principal contractor to choose subcontractors from an approved list.

Decisions and choices made during system procurement have a profound effect on the security and dependability of a system. For example, if a decision is made to procure an off-the-shelf system, then the organization has to accept that they have very limited influence over the security and dependability requirements of this sys- tem. These largely depend on decisions made by system vendors. In addition, off-the- shelf systems may have known security weaknesses or require complex configuration. Configuration errors, where entry points to the system are not properly secured, are

a major source of security problems. On the other hand, a decision to procure a custom system means that significant effort must be devoted to understanding and defining security and dependability requirements. If a company has limited experience in this area, this is quite a difficult thing to do. If the required level of dependability as well as acceptable system per- formance is to be achieved, then the development time may have to be extended and the budget increased.

278 Chapter 10 ■ Sociotechnical systems

Figure 10.7 Systems