Photo: W. Harold Tuck, CIO, San Diego County/Photo by Ken West
San Diego County officials know very well how tough it can be to outsource IT services. The county's 1999 outsourcing agreement with Computer Sciences Corp. (CSC) almost fell apart in 2002, when nearly 50 disputes over service prompted the county to send CSC a letter of default.
Today though, San Diego County stands as a model for how to outsource a government's IT operations. A well tailored contract, a governance structure that fits the county's needs, and strong communication have all helped make the county's current IT outsourcing arrangement productive.
"The relationship has gone well," said W. Harold Tuck, CIO of San Diego County, of the seven-year, $667 million contract with Northrop Grumman that took effect in January 2006.
Video: How San Diego Makes Outsourcing Work
The past several years have not been kind to other large-scale IT outsourcing initiatives. In October 2009, Indiana terminated a $1.6 billion contract with IBM to provide and operate a welfare eligibility system. At about the same time, a legislative audit and review committee in Virginia severely criticized Northrop Grumman's progress in taking over and improving the state's computers, servers, e-mail systems and help-desk services.
San Diego's early struggles and ultimate success offer insight into what can go both wrong and right with IT outsourcing.
During San Diego County's first foray into outsourcing, one major source of trouble was the project's ambitious scope, said former county CIO Mike Moore, now leader of the state and local government practice at EquaTerra, an outsourcing consultancy.
Moore worked on the original CSC contract, first as the team leader for subcontractor SAIC and then, starting in 2002, as the county's CIO. He remained CIO until summer 2007, managing the second procurement and transition to the Northrop Grumman contract. San Diego County is not an EquaTerra client.
County officials made three sweeping changes when they contracted out their IT, Moore said. First, they outsourced the entire IT operation. "This in itself is fairly unique," he said. Often, governments will hire contractors to run their infrastructure but keep other IT activities in-house. "At the same time, they completely consolidated." They shut down the IT shops in county departments and agencies, making IT a completely centralized activity. Third, county officials decided to replace their entire IT infrastructure.
"That's a dramatic amount of change," Moore said.
He took the CIO post after the county and CSC settled their dispute out of court in 2002. While the two parties continued to work together, the county got ready to put a new contract out to bid. Lessons learned the first time around helped county officials define requirements that were clearer and more realistic than the ones in the CSC agreement.
For one thing, the new contract specified fewer service-level agreements. "We looked at what was important to us and what we needed to measure," Tuck said. The county divided potential IT failures into two categories, priority one and priority two. It specified faster response times for the higher-priority problems -- those that affected critical business operations.
The service-level agreements in an outsourcing contract need to be meaningful and measurable, Tuck said. "And they have to be keyed to advancing your business objectives. Don't measure things for measurement's sake."
The second contract also put greater emphasis on disaster recovery and business continuity, he said. "We have redundancy in two different data centers now, and they both are located outside of California."
Beyond attending to details of that kind, county officials worked hard to fashion an IT outsourcing relationship that matched the government's structure.
Like many governments, San Diego County operates on a federated organizational model. Each department or agency makes its own business decisions and manages its own budget. Imposing a centralized IT model -- whether outsourced or in-house -- on top of such a decentralized organization can create many problems, Moore said.
For example, it might lead to one-size-fits-all thinking. San Diego County's original IT contract defined a single price point for a product called the "desktop," which covered all hardware and software associated with an individual's workstation.
"Everybody in the organization, all 17,000 employees, got the same things when they bought a desktop," Moore said. That package included resources that some departments would never use, and it lacked resources that some departments considered essential.
When designing the second contract, the county paid better heed to its diverse end-user base. "We broke [the desktop package] apart and offered multiple resources, so you could tailor it to a specific department's needs," said Moore.
Besides a contract that doesn't fit the government's structure, another potential outsourcing hazard is a weak governance structure. "There's a decision-making process that doesn't involve the departments as much as it needs to," he said.
The county's first outsourcing experience taught its officials to include departments and agencies in IT decisions. "In order to do that, you've got to spend a lot of time writing down what the rules are by which you're going to make a decision," Moore said. "We spent about six months in San Diego County with all of the agencies' IT chiefs, writing down a set of rules."
Today the county's governance model for enterprisewide IT consists of:
"The county's IT governance model expedites decision-making and promotes buy-in on key IT decisions, including those that relate to the county's relationship with Northrop Grumman," said Tuck.
Along with those bodies and their subcommittees, other groups of county and vendor representatives hold regular meetings to keep the outsourcing relationship running smoothly. Tuck meets formally each week with Northrop Grumman's key account executive, who maintains an office in the county Technology Office. They also talk informally throughout the week and Tuck meets periodically with key executives from Northrop Grumman's subcontractors.
Tuck, members of his staff and the heads of the five business groups meet quarterly with the contracting team for program reviews. There are additional meetings that focus on the five "frameworks," or service areas, that make up the contract: network, data center, desktop, application and help desk. Members of Tuck's team and the group IT managers attend those meetings.
Beyond those groups, San Diego County operates an Innovation Council , bringing together county employees and IT industry representatives to discuss potential projects for the future. They focus on innovative uses of technology in areas, such as mobile computing, document management and social networking. "We're looking for development of applications and ideas for our internal use -- for our staff to provide services to constituents -- and externally for people who want to do business with us," Tuck said.
Northrop Grumman and two of its subcontractors, AT&T and Hewlett-Packard, participate in the Innovation Council Industry Group, along with CGI, Gartner, Microsoft and Oracle.
Besides the right business model and a strong governance structure, one final factor that will help an outsourcing agreement succeed, Moore said, is support from the highest levels of government. In San Diego County's case, the IT outsourcing champion is Robbins-Meyer, the assistant chief administrative officer.
Executive support is crucial because a government CIO -- especially in a federated government -- often lacks the authority to get everyone to line up behind IT initiatives, Moore said. "In a federated model, you really need a little more glue than just a CIO."
San Diego County's contract with Northrop Grumman runs until January 2013, with an option to renew the agreement for one to five years. Tuck wouldn't say whether the county plans to exercise that option or go out for bid again.
Another open question is whether the county will continue to contract with a single prime vendor. Instead it could bring in different contractors to manage different aspects of its IT operations -- maybe one for each of the five frameworks, or one for infrastructure and one for applications.
Multisourcing would allow the county to handpick contractors for specific functions, rather than rely on a prime vendor to choose subcontractors, Tuck said. But managing multiple vendors isn't easy. "You have to have the skill set, and you have to have the people to do it. We would have to look in the mirror and ask, 'Can we handle multisourcing?'"
No matter which model it decides to adopt, San Diego County will continue to outsource its IT activities. "We've been outsourced since 1999," said Tuck. "This is the way we do business."