Commercial Lifecycle Management System Implementation Provider Change

MPS Commercial Services have been on a digital transformation journey to enable a more efficient, transparent and standardised way of working within its Commercial Lifecycle Management processes including improved reporting and analytics capabilities. The Commercial Lifecycle Management system will manage all sourcing, saving and contracting processes within Commercial Services. In addition, it will provide an automated supplier information management capability. As part of this journey, in 2019 Commercial Services had selected its CLM system provider. However, following a number of challenges including a heavily delayed completion of the system implementation, whilst Commercial Services remain committed to implementing CLM for the benefits it will bring to the organisation, Commercial Services request approval to move to a new CLM provider called Coupa. It would also be a significant step forward in how Commercial manage its CLM processes including supplier risk and supplier information management.

The Deputy Mayor for Policing and Crime is recommended to:

1. Approve entering into a 3-year agreement with Coupa.

2. Approve to implement Source to Contract capabilities including Coupa Supplier Information. Management and Coupa Risk Assess.

3. Note that these costs are fully funded from the Commercial Services revenue budget.

1. Introduction and background

1.1. In June 2018, Commercial Services commissioned a partner to develop their Commercial systems strategy which included a recommendation to implement a CLM system to address inefficient and paper based processes, which had also been identified as an improvement requirement.

1.2. An output of this report was for Commercial Services to implement a Commercial Lifecycle Management system including a number of recommended system providers.

1.3. A system provider was selected from the recommendation list, however due to challenges and delayed implementation progress the decision was taken to test the market for a potential alternative provider.

1.4. An assessment was completed against a number of critical success factors which identified Coupa as the preferred provider.

1.5. The move would be a first for Coupa in the public sector, a leading provider for CLM in the private sector.

2. Issues for consideration

2.1. There is an improvement requirement to implement a Commercial Lifecycle Management system to provide visibility of core Commercial activities including sourcing, supplier and contract record management.

2.2. Commercial Services have previously contracted with a provider in June 2019 to implement and run the CLM solution. The implementation has not yet been finalised and as of April 2020 been paused to allow for further provider assessment. The existing provider contract is due to expire in June 2021.

3. Financial Comments

3.1. This information is contained in the restricted section of the report.

4. Legal Comments

4.1. The commercial section confirms the proposed contract award is procured compliantly in accordance with the PCR.

4.2. Paragraph 4.8 of the MOPAC Scheme of Delegation and Consent provides that the Deputy Mayor for Policing and Crime (DMPC) has delegated authority to approve business cases for revenue or capital expenditure of £500,000 or above.

4.3. Detailed legal implications are articulated in Part 2 of the paper.

5. Commercial Issues

5.1. This information is contained in the restricted section of the report.

6. GDPR and Data Privacy

6.1. The MPS is subject to the requirements and conditions placed on it as a 'State' body to comply with the European Convention of Human Rights and the Data Protection Act (DPA) 2018. Both legislative requirements place an obligation on the MPS to process personal data fairly and lawfully in order to safeguard the rights and freedoms of individuals.

6.2. Under Article 35 of the General Data Protection Regulation (GDPR) and Section 57 of the DPA 2018, Data Protection Impact Assessments (DPIA) become mandatory for organisations with technologies and processes that are likely to result in a high risk to the rights of the data subjects.

6.3. The Information Assurance and Information Rights units within MPS will be consulted at all stages to ensure the programme/project meets its compliance requirements.

6.4. The project will ensure a privacy by design approach, which will allow the MPS to find and fix problems at the early stages of any project, ensuring compliance with GDPR. DPIAs support the accountability principle, as they will ensure the MPS complies with the requirements of GDPR and they demonstrate that appropriate measures have been taken to ensure compliance.

6.5. Consultation has been made with MPS HQ Strategy and Governance and The MPS are working with the service provider to complete the standard DPIA template as part of the Statement of Requirements, Terms, and Conditions for the contract. A DPIA exists for this work and is currently being updated.

7. Equality Comments

7.1. As this is an extension of an existing service this work does not change any aspects relating to equality or diversity.

8. Background/supporting papers

8.1. Report.