Software Acquisition Process Improvement (SAPI)
Introduction

CERN’s process for finding, requesting, and purchasing software and cloud services is unclear, fragmented, and lacks governance. There is no centralised, user-friendly catalogue of available solutions; documentation requirements are burdensome; guidance depends on a few individuals; and decision-making can be slow or inconclusive, leading to prolonged committee discussions.
Anyone can initiate a request, resulting in uncoordinated demands that generate significant review workload for the process experts. The process has evolved organically through isolated audit-driven policy changes, leaving no clear ownership or coherent end-to-end design.
This creates frustration for both users and experts, and slows down access to needed tools. At the same time, the process does not apply to free tools which can expose CERN to compliance issues and risks, drive hidden costs, and reduce organisational efficiency.
Without action, workarounds and fragmented solutions will continue to solidify, making future remediation harder and more expensive. The rising demand for cloud services and the growing complexity of compliance obligations further amplify the workload on experts and the risk to CERN. A coordinated, governed, and user-centric process is now essential.
Mandate
- Deliver, test, and validate a simplified, risk-based, and compliant acquisition process that meets stakeholder needs and ensures eSort is proportionate to risk, complexity, and skills.
- Produce a project plan for the full implementation of the process including the process’ ownership, governance and roles for approval by the project sponsors.
Scope
In:
- Acquisition process of software/cloud services and enabling features on existing products.
- Discovery of software/cloud services available for CERN employees.
Out:
- Purchasing of support and/or external consultancy services for software/cloud services.