Cisco Global Commerce Audit Preparation Document, v4.0

Transcription

1 Cisco Global Commerce Audit Preparation Document, v4.0 Table of Contents Introduction Audit Process and Methodology 1.1 Audit Scheduling Role of Audit Participants Audit Findings and Follow Up Prequalification Requirements General Requirements 3.1 Objectives Contracting Procurement Security Business Continuity Required Capabilities 4.1 Global Order Management Global Invoicing Global Agreements Global Logistics... 8 Appendix 1: Sample Agenda... 9 Version 4.0, 8/31/09 Cisco Global Commerce Audit Preparation Document 1

2 Introduction This document defines the criteria required to achieve the Global Commerce Specialization within the Cisco Worldwide Channel Partner Program and provides guidelines for auditing to these requirements. The criteria may be updated at the discretion of Cisco. Version 4.0, 8/31/09 Cisco Global Commerce Audit Preparation Document 2

3 1 Audit Process and Methodology 1.1 Audit Scheduling As a general guideline, an on-site audit will not be scheduled until the partner has submitted a complete application and the Cisco Partner Program Manager has verified that pre-audit requirements have been met. Please contact your Program Manager for an application and to schedule your Global Commerce audit. A representative from a Cisco third-party audit agency will schedule the on-site audit and will request additional documentation or information prior to or during the audit. Typically, the on-site audit will take place within three working days of Cisco s validation of the partner s pre-qualification requirements. The audit must take place at the partner s global commerce/logistics center, if this exists, or at the location where the majority of global customer opportunities are negotiated and managed. 1.2 Role of Audit Participants Role of the Partner Prior to the audit, the partner is expected to review all of the program requirements, submit a complete online application with the requested pre-audit documents and provide any additionally required documents on the day of the audit. During the audit, the partner will present a 15-minute general partner overview of the company covering: A business model, service and support model, and organizational overview If applicable, the business model overview should include provision of any partner added value services, built around Cisco products, such as managed network services, installation support services, and basic and advanced consulting services Partner should discuss the business and support relationship with Cisco. Suggested participants for this period of the audit would be the person responsible for managing the support relationship with Cisco, and the main contact for Cisco certifications and specializations. Role of the Auditor Cisco uses an independent third-party audit agency to conduct audits. The auditor manages the on-site audit process. The auditor will review supplied documentation prior to the audit, verify whether the partner complies with all of the program requirements, and compile the audit report describing the extent of compliance with each requirement. The auditor will then submit the report and supporting documents to the Cisco Partner Program Manager who will determine whether or not the partner meets these requirements. All information or documentation provided to the auditor is considered confidential information as defined in an NDA signed by Cisco s third-party auditors, and will be treated accordingly by both Cisco and the auditor. Role of the Cisco Partner Program Manager (PM) The Cisco Partner Program Manager (PM) is responsible for maintaining program integrity, and as such, the decision to award or revoke program certification or specialization rests with the PM. All grace periods described within the policy document are at the discretion of the PM. 1.3 Audit Findings and Follow-Up Version 4.0, 8/31/09 Cisco Global Commerce Audit Preparation Document 3

4 At the audit closing session, the auditor will present a brief synopsis of the partner s audit opportunities for improvement and, in particular, will highlight any open action items. For open action items, the partner will be given an opportunity to provide written evidence of closure to the auditor within five business days after completion of the audit. If unable to close out open action items within five business days, the partner should provide a corrective action plan to the Cisco Partner Program Manager. The action plan must be fully implemented within an agreed upon time period, not to exceed the stated get-well period. At the end of the agreed time period, a visit by the auditor may be required in order to verify closure of an action item. The final decision to award certification or specialization will not be made until the corrective action plan is satisfactorily completed. During and after the audit, the auditor cannot make commitments regarding the qualification decision. The Partner Program Manager will review the audit report and communicate results back to the partner within 20 business days. Results will be ed back to the primary contact within the partner organization. It is possible that the findings of the audit are such that qualification or requalification for the program cannot be achieved within the stated get-well period. In this case, the Partner Program Manager may deny qualification. If a partner fails to deliver an action plan within the agreed timeframe, the partner may also be denied qualification for the program. Version 4.0, 8/31/09 Cisco Global Commerce Audit Preparation Document 4

5 2 Prequalification Requirements 2.1 Agreements/Contracts Partner must have a valid Global Systems Integrator Agreement with Cisco; this agreement will be validated by Cisco 2.2 Certification Partner must have current Gold certification in at least one country in each Cisco theater, plus one current Silver certification in each Cisco theater 2.3 Geographical Coverage Partner must have a legal presence and an Indirect Channel Partner Agreement (ICPA) in at least 20 countries, with a minimum of four in each Cisco theater 3 General Requirements 3.1 Objectives Requirement Partner must have measurable objectives to support the critical success factors for global customer engagements Partner must conduct periodic reviews of performance to objectives; records of reviews must be maintained Partner must take appropriate action to improve performance when objectives are not being met. Records of actions taken must be maintained Objectives must be reviewed and revised as necessary to ensure they remain appropriate to the critical success factors for global customer engagements. This must include objectives related to Service Level Agreements (SLAs) and to key business processes specific to global commerce activities. Partner must provide evidence, e.g. meeting minutes or other records of period reviews of performance to objectives. Partner must provide evidence of action items (e.g., corrective actions, continual improvement) taken when objectives are not met. Partner must provide evidence of periodic review and evaluation of objectives, including revision of targets and objectives when necessary. 3.2 Contracting Partner may subcontract logistics services in those countries where they do not have a legal presence provided that the following requirements are met: Requirement Partner must have defined criteria for selection and Criteria must include review of contractor s import license and rebate license. evaluation of the contracted party in determining suitability to provide such services Services provided must be documented in a contract Partner must provide details (e.g., in signed contracts) of subcontracted services. between the partner and the contracted company, including a Service Level Agreement. Records of contract approval must be maintained Periodic evaluations of contracted parties must be Partner must provide records of period subcontractor evaluation; evaluations must include review Version 4.0, 8/31/09 Cisco Global Commerce Audit Preparation Document 5

6 conducted to ensure that contracted requirements, including service levels are being met. Records of evaluations must be maintained Partner must maintain a documented process for notifying contracted parties when requirements are not met, and for ensuring that appropriate corrective action is taken by the contracted party to prevent the recurrence of the problem. Records of such actions must be maintained. 3.3 Procurement Requirement Partner must demonstrate support for both centralized and decentralized procurement models. of performance to service levels. Partner must explain or describe how contracted parties are notified when nonconformances are identified; this process must include initiation of corrective action to prevent recurrence. Partner must be able to provide the services outlined in the Required Capabilities section for global engagements where customer s procurement model is centralized, decentralized or a combination of both. Partner must provide one example of a global customer engagement using centralized procurement methods and one example of a global customer engagement using decentralized procurement methods. 3.4 Security Requirement Partner must maintain documented security procedures. Partner must have documented procedures for identification and assessment of security threats and risks (e.g., physical/functional failures, incidental or intentional damage to infrastructure, operational threats and risks, natural environmental events), and mitigation of identified risks and their consequences Partner must have a process for Cisco Brand Protection. Partner must have a documented process specifying internal control mechanisms for ensuring compliance with Cisco Brand Protection policies, including preventive measures to ensure that no counterfeit or grey market product is distributed Partner must have defined roles and responsibilities for security management activities. Partner must have documented identification of roles and responsibilities and provision of resources for security management, including identification of ethical responsibilities for all personnel Partner must conduct security audits. Partner must provide evidence of periodic internal audits of the security management system, including evidence of corrective action taken when problems are found Partner must conduct security management reviews. Partner must provide evidence of periodic review of the security management system to ensure its ongoing suitability and effectiveness and to identify opportunities for improvement. 3.5 Business Continuity Note: If partner provides evidence of compliance to Business Continuity Standards, including ISIS2 or BS25999/PAS56, this section of the audit will be waived. Version 4.0, 8/31/09 Cisco Global Commerce Audit Preparation Document 6

7 Requirement Partner must maintain documented plans and procedures for ensuring business continuity. Business continuity plans and procedures must include: Business risk assessment Business continuity/disaster recovery strategies Roles and responsibilities for responding to incidents and emergencies Identification of critical systems and records, and appropriate back up and storage procedures Periodic review and revision of business continuity and disaster recovery plans 4 Required Capabilities 4.1 Global Order Management Process Capabilities and Services Audit Requirements Partner must maintain a documented process for global order management. The process must include Review of customer requirements prior to acceptance of the order Records of order review Methods for modification of orders after order acceptance Methods for communication with customers regarding order inquiries and customer feedback Partner must offer their global customers the following order management services: Centralized and in-country ordering A single point of contact when ordering centrally Order configuration/verification for compliance with customer specifications Order verification for local requirements when customer orders centrally Customer access to global order tracking information Consolidated reporting of global customer purchases, including total price Partner must demonstrate their order tracking and reporting capabilities through a demonstration of their customer-facing systems and/or by providing sample reports. Partner must provide objective evidence of the above capabilities in at least three global customer engagements; these may be in the form of an SLA. 4.2 Global Invoicing Process Capabilities and Services Audit Requirements Partner must maintain a documented process for global invoicing. The process must include Review of invoices prior to issuance to the customer Records of customer invoicing 4.3 Global Agreements Partner must offer their global customers the following invoicing services Consolidated billing and centralized collection Local currency billing for all major currencies Partner must demonstrate the above capabilities in at least three global customer engagements; these may be in the form of an SLA, invoice or accounting system. Version 4.0, 8/31/09 Cisco Global Commerce Audit Preparation Document 7

8 Process Capabilities and Services Audit Requirements Partner must maintain a documented process for creating and maintaining global customer agreements. The process must include Methods for establishing and periodically reviewing global pricing Review of global agreements Records of review and any changes resulting from the review 4.4 Global Logistics Partner must offer their global customers the following global agreement services Global master agreement offering consistent base terms and conditions. Service SLAs may vary by region Consistent global discount for Cisco products Partner must provide sample global master agreements and corresponding local addendums for at least three global customer engagements. For consistent discounts, objective evidence may be in the form of a master agreement, invoice or accounting system display. Partner must also demonstrate their global pricing methodology, including one example where Cisco has provided partner with a single discount and one where partner purchased at their contractual discount for each country. Process Capabilities and Services Audit Requirements Partner must maintain a documented process for global logistics. The process must include Identification and traceability of product while in partner s control through the use of an asset tracking system Coordination of staging, shipping and delivery activities Handling of customer complaints regarding logistics services, including problem identification and escalation, investigation/root cause analysis, corrective action and follow up with the customer. Partner must offer their global customers the following logistics services Asset tracking by serial number to point of delivery or to point of installation if required by customer Staging facilities in each graphic region Management of export/import process, in cases where not provided by Cisco Import includes customs clearance, duty/vat payment, delivery from port of entry to final destination Export includes export documentation, compliance with export laws, providing insurance, managing carrier(s) Partner must demonstrate their asset tracking capabilities by providing at least three SLAs with global customers, or at a minimum, demonstrate their asset tracking system for at least three global engagements, including one where the customer required tracking to the point of installation. Partner must provide a list of staging facilities, including the location and services provided. Partner must provide at least three global SLAs for engagements where they provided import/export services, including one where these services were provided by agents (or Cisco) in some countries. Version 4.0, 8/31/09 Cisco Global Commerce Audit Preparation Document 8

9 Appendix 1: Sample Audit Agenda Audit Agenda Item Introductions and review of audit goals and methodology Partner introduction of global customer business, including an overview of partner s process/model for engaging and supporting global customers and the organizations involved Cisco relationship Review of Previous Action Items and Opportunities for Improvement, if applicable Validation of prerequisites General Requirements: Procurement Critical Success Factors Contracting Required Capabilities: Global Order Management Global Invoicing Global Agreement Global Logistics Global Information Security Review of audit findings with auditor (if applicable) Estimated duration 30 minutes 1 hour 4 hours Version 4.0, 8/31/09 Cisco Global Commerce Audit Preparation Document 9