Understanding various SaaS Software Requirements could help you avoid issues in the future.
SaaS software depends on a distribution model that allows users to operate a software solution online. Meaning that most of the processing and storage will occur on the servers that are off site. A lot of businesses are investing in SaaS and integrating it in their IT operations. Choosing, evaluating and implementing a SaaS application is only half of the equation. You also need to consider including a number of other technology aspects of your SaaS software requirements policy to maximize its benefits. These are the top SaaS software requirements that your provider needs to meet.
Data Security, Encryption, Access, and Segregation
Ask your SaaS provider whether they are offering a shared or dedicated environment. If the environment is shared, ask them how they segregate data. The SaaS provider should make it clear how they manage security in the shared environment and what controls and type of data architecture they implement as well as who has access to the data, software, infrastructure, and hardware. The responsibilities and role of administrators should be clear as well. The vendor should explain what data access and application audit logs are available and how often you can get this.
You also need to know how the primary data is encrypted, who has access to the decryption keys, what encryption schemes are implemented and how often it is tested. Ask the vendor how and where they store backup data as well as who has access to it. You should ask about the investigative support they provide in cases of breach and the options you have to get your data and how much their service costs. It’s also important to determine how you can remove your data from the environment.
You need to know what types of regulations the vendor complies with. The SaaS vendor portal software should give you access to audit reports.
Hosting Facility Compliance and Security
The hosting facility should comply with SAS 70 II or Statement of Auditing Standards. You should ask the vendor how often this compliance is audited and how they actively implement SAS 70 II controls. It is also important to know what their requirements are in their work processes.
Hosting Provider and Location of Data
If you’re interested in integrating a SaaS application in your IT operations, it is important to determine who your hosting provider will be and where they are located. You should also determine what type of infrastructure, software, technology platform, hardware and operating system they are using. Ask them what kind of network bandwidth is available and what type of scalability is given for extra computing power and how much it would take. Ask them what kind of virtualization software and architecture diagrams they are using.
Business Continuity and Disaster Recovery Options
One of the most important SaaS software requirements is the business continuity and disaster recovery options you have. Ask the seller if whether it’s part of their service or not. Learn where their disaster recovery data centers are located and what type of infrastructure they have to synchronize and duplicate data between the primary and disaster recovery data centers and if it’s available in real-time on a daily basis. It is also important to know how fast the disaster recovery environment can be activated if the primary environment is not functioning.
Identity Management Solutions
Ask the vendor what identity management solutions they provide. You should also ask them what kinds of Single Sign-On options they offer. Do they provide HTTP-Fed, SAML or other options? It is also important to learn what kind of user security, authorization and authentication options are provided by the vendor. Ask the vendor if the SaaS app can be integrated with your current Identity Management system and what kind of use store they offer and if it can be assimilated with other user store databases.
It is also important to learn what technology and technology procedures, standards and policies they comply with, how they manage the projects internally and what architecture frameworks they follow. Ask the vendor what professional services they offer to support and put the SaaS application into action as well as what PM resources they have.
APIs and Web-services
You have to know what APIs and web-services are offered by the vendor to store and access data. Ask if the APIs are encrypted and secured and if you can access your data from the database. It is also important to determine what kind of reports can be made or generated.
Support and Maintenance
Your SaaS software requirements policy should include some support definitions as well. Ask what kind of support is provided by the vendor. Are they available 24/7? Can you reach them through phone or email? You also need to know who and how many is in charge of the support desk and where they are located. Determine what kind of alerting and monitoring as well as integration and migration support they provide. You also need to know how they perform patches, upgrades, and other maintenance and how they support the current SaaS apps of their customers. Ask them what kind of risk management and change management they follow and if you have control on applying upgrades, changes and patches to the SaaS application.
SaaS Software Requirements – Service Level Agreements
You should know what Service Level Agreements are offered by the vendor. If SLAs are not met, what kind of credits are available? Ask if there’s a regular meeting to assess the SLAs, requests and issues and who will be part of the meeting. You should also confirm whether the terms and conditions of your contract are connected to the SLAs and who you can contact in the management team if the SLAs are not met.
Vendor Management, Sustainability and Product Roadmap
You need to learn more about the management, including their experience, who and how many is part of it, how it is funded, how many clients they have, where they are located and what is product strategy and roadmap. Ask them how they manage their product strategy, customer requirements, and competition. You should also ask if they offer a proof of concept or trial for your product.
Contract and Costs
Contract terms and prices vary from one SaaS vendor to another. Determine what is excluded and included in the costs and whether you’ll be charged for new product features. Ask the seller if they’re open to contract negotiations and what the minimum contract period is. Read the terms and conditions of contract as well as penalties and determine if there are discounts you can get for long-term contracts.
SaaS Software Requirements