SaaS Customer: A Checklist of What You Need to Know Before Selecting the Vendor
Bahan Sadegh, CEO and co-founder of NETtime Solutions and a veteran of the on-demand software industry, has written an article with the SMB Customer in mind. Sadegh has created a list of questions for the SMB to consider before choosing its SaaS Vendor, entitled “10 Questions To Ask A Potential SaaS Vendor.” His list is very informative, and it would be wise to keep it handy when considering which SaaS Vendor to select. I cannot attest to the fact that this is an inclusive list, but I will tell you that his discussion of the points he has identified gives the reader enough information to perform their due diligence and ask more questions. There really are more than 10 points to know if one includes all the “sub-points” Sadegh includes. I will try to provide a brief synopsis of his 10 Questions below:
1. Billing should be pay-as-you-go: We all know there is a business cycle and your invoice should reflect this cycle. Also, there should never be any maintenance fee on your invoice.
2. Security: Sadegh has a very good list of questions to ask in this very important area. Instead of trying to paraphrase his words, I think it best to directly quote him on this matter:
“Ask your potential SaaS vendor:
- Does the data center that is housing the servers have physical security 24/7?
- Is the perimeter of the data center secured (do guards walk the perimeter at least once per 24 hours)?
- Who has permission to access these servers (only internal employees or do contractors also have access)?
- Is there a log that captures who came in and when they left? If so then how often are those logs audited?
- Does the application use industry standard 128-bit encryption?
- If multiple customers are housed on the same server then are they logically/physically separated to ensure your data is not viewed by unauthorized eyes?
- Has the staff of the SaaS vendor who has access to your data gone through a criminal background check? It’s important to know whether or not convicted felons have access to your sensitive personal data.
- Does the vendor have a formal BCP (Business Continuity Plan)? Is the vendor willing to share it with you and does it satisfy your concerns?”
3. Solution must be web-based: There should be no requirement to install an application on any computer. Also, any SaaS application should be able to run on any platform and any browser. In the event of a computer crash, you must have access to your application.
4. An experienced vendor: Make sure the vendor has experience in hosting. A vendor experienced in hosting has already addressed such issues as scalability and security and is not merely repackaging their application as SaaS. (NOTE: See point 8 below regarding MSPs).
5. Upgrades should be automatic: You want to be on the latest version and have the most current functionality. There should be no need to retrain your users. The upgrades should be seamless.
6. Integration: You should have the ability to transfer between the web-based applications and any on-premise applications.
7. Data must be backed up regularly: Nightly onsite back-ups and weekly offsite back-ups should be the minimum. Does the vendor test how to restore their database?
8. Who is hosting the solution: Is this an in-house hosting arrangement or has the SaaS vendor contracted out with a Managed Service Provider (“MSP”)? Get a SAS 70 report and verify that in the data center every system has at least one independent backup to ensure availability in the event of system failure; this is known as an N+1 configuration.
9. Scalability: Can the SaaS vendor grow as your company grows? Ask about their largest customer and ask them about their plans for growth.
10. Is the SaaS system monitored: An easily overlooked question. Do they have monitoring software and do they test their firewalls?
Sadegh concludes his checklist by suggesting that the SaaS Customer perform a bi-annual review of their service with the above checklist in mind.