minglis
commented
5 years ago For me these people related questions were all about in-house knowledge, so that if a question came up about integration/re-hosting/insourcing/costing/etc we had someone with a tech understanding of the system. It may not be how it works, but understand enough to make a reasoned statement about it. With zero knowledge about an entirely outsourced system the feeling was we're at more risk if we don't have any knowledge.
Note: if you add a civil servant/contractor it should change the colour. Note: currently contractor + managed contract is un-scored, and goes white in the spreadsheet.
jennyd
I'm thinking through why a managed service should be scored as an amber technical risk.
The normal in-source vs out-sourcing conversation is about commodity services vs flexibility. Not so much about technical risk.
It's difficult to argue services can't be successfully out-sourced. From the point of view of technical risk criteria, the company can have good people that iterate, keep their tech in a manageable state and do upgrades before dependencies expire. This might be no different to an in-house team. They can give the client the visibility they want - code source, what's deployed etc. And of course there should be technical oversight of projects both internal and external.
But of course experience says an out-sourced contract usually doesn't go like this. And I imagine most contracts simply don't include continual improvements, technical oversight etc. Are these the reasons that we score these as amber?
I'm happy to I can add a couple of sentences about this to the README, once we've agreed our understanding.