August 15, 2012

Software as a Service (SaaS) Checklist

Software as a Service (SaaS) is becoming a viable option for many organisations, offering benefits in terms of maximising output and providing control of cash flow and freeing up of internal resources.

Currently within my organisation we are actually actively using all 3 cloud technologies in multiple deployments for SaaS, PaaS and IaaS. eg. Lync, Office365, ZenDesk, TiPT, JIRA, Crowd, Confluence to name a few.

The following is a general overview of some of my findings with SaaS including a simplistic checklist for due diligence. Feel free to comment and provide feedback.

Firstly, my opinion:

Within the Australian Aged Care space, I do not believe that there are any Aged Care Industry software vendors, providing an end to end SaaS solution.

Vendors, feel free to put your hand up to challenge this statement.

Find the download link for the checklist if you don’t wish to read the entire post.


Moving on….

My criteria for an Aged Care software vendor to provide a Software as a Service offering can be summarised as follows:

1. Subscription based, Affordable and all inclusive

Diverting from the traditional annual software and maintenance license agreement, SaaS is usually sold on a holistic subscription basis that includes upgrades, maintenance and a degree of customer support. SaaS subscription models usually operate on a monthly subscription basis and hence there are no large up-front costs.

2. Zero Infrastructure, Zero System Administrator

My definition for SaaS is that there is zero on-site infrastructure, zero on-site administration and the underlying ICT infrastructure is handled by the SaaS vendor. CIOs, IT Managers and users do not need to worry about hardware maintenance, operating system compatibilities or database versioning. The SaaS vendor takes care of all of this for the end-user, so the end-user doesn’t have to.

3. Seamless Software Application Upgrades

My view is that the SaaS provider manages the software release cycle inclusive of upgrades. The benefits should be obvious for any organisation or ICT department with the elimination of downloading, operating system patching and the potential for application cross termination.

4. Service Level Agreements resulting in Guaranteed Levels of Service

How many organisations have any performance guarantee with their software? SaaS introduces and enforces the concept of SLAs. SaaS SLAs should have quantitative measurements in terms of uptime and how the software will perform. In the event that the SaaS offering doesn’t deliver, the vendor would incorporate a penalty or discount around service. Again, within the Australian Aged Care software vendor space, I do not know of any Australian Aged Care software provider offering an SLA with penalty clauses.

5. Disaster Recovery/Business Continuity/Backups and Data Recovery all taken care of

Within my organisation, we are quite familiar with traditional software and systems (some 220 of them actually). We also have case history and proven delivery of BCP/DR outcomes. See  . If you are familiar with traditional software, you will know the cost of virtualisation, site recovery and the costly automated solutions that need to be implemented around BCP/DR. The process of backing up your data and providing real time access to systems can be laborious at the best of times. In my opinion, SaaS solutions eradicate this painstaking task, ensuring the lights are on without user intervention and thus ensuring the integrity of your data.

6. Browser based and Work Anywhere

Simply put, have internet connection, have browser, will work. My view is that given an internet connection, SaaS solutions can be accessed from anywhere in the world. The much touted teleworker fits comfortably in the mould of the SaaS model. Users are able to access their data and work more efficiently from anywhere at any time. Gone is the domain of being bound to a desk and a given site.

7. Security

In my view security would be more onerous in a SaaS offering. SaaS providers should have geographically separated data centres. The chance of social hacking is potentially less and security models are more rigid with processes to be followed as opposed to flexibility in traditional systems.

8. Quick and Easy Deployment

As stated previously, my thought on SaaS is that all you should need is a web browser and internet access, and away you go. Gone are the project management and deployment headaches of traditional software with extended time frames. I wish to point, click and provision and for it to be sitting there when I come back from lunch.

Find attached a SaaS checklist that I have used with a few providers whilst doing due diligence.

I’ve included a simple checklist below for consideration with interaction with prospective SaaS Vendors.

I wish to acknowledge Brett Avery of Webstercare, for his outstanding work in responding to the checklist that I have attached. I have had multiple providers across different industries respond to the high level checklist, but none with the same professionalism and diligence that Brett provided. Unfortunately, I’m unable to attach his responses due to confidentiality reasons, but it seriously was a cut above.

A special mention goes to Sonja Bernhardt of ThoughtWare for her prompt replies in good customer follow up. A number of vendors could also learn from Sonja about customer service.

As mentioned above, please provide feedback, as I will revise and share with the masses.


(if the link doesn’t render go to the direct page and find the download )

The list in its entirety (Copy and Paste is your friend), though I recommend the download above as it maintains formatting.


SaaS Checklist

General Organisational Governance & Roadmap

  1. How many years has Business/Organisation been in business?
  2. May we please have a general 1 page summary of the SaaS offering?
  3. May we please obtain a roadmap of the SaaS/software development?
  4. Was the proposed software solution developed by Business/Organisation, or was it originally developed by a software supplier who was subsequently acquired by Business/Organisation?
  5. When was the first release for the proposed software solution?
    a. What is the current release for the proposed software solution, and when was it formally released for commercial availability?
    b. May we please obtain details on Business/Organisation’s Software development life cycle inclusive of quality assurance and release cycle?
  6. How many developers work on the software or what is the size of the development team working for Business/Organisation?
    a. What was the size of the team 1 yr. ago?
    b. What was the size of the team 2 yrs. ago?
    c. In House/out sourced?
  7. Does Your Organisation Name have access to the application source code?
    a. Is the source code placed in escrow?
  8. What considerations are given in the event Your Organisation Name provides advice or funds development of the product?
  9. Confirmations on licensing?
    a. There is no restriction on the maximum number of concurrent or named user licenses? Do you have a light agent model?
    b. How does the licensing model apply to reporting? Are there any restrictions?
    c. How does the licensing model apply to exporting of file formats? PDF, WORD, Excel, XML, CSV?
  10. Can Your Organisation Name increase or decrease the services/licenses as the organisation needs shift?
  11. Is Your Business/Organisation billed in advance or only after use of the service?
  12. Are there any long-term discounts, such as paying for a year to two in advance?
  13. Is there a minimum contract period?
  14. Are there termination or other penalty fees?

Technical Support Governance and Service Level Agreement

  15. May we please obtain your Business/Organisation’s default SLA for end to end systems management?
    a. What warranties are provided (and not provided)?
    b. What disclaimers and limitations of liability are in the Warranties/Contract?
    c. Are there remedies and/or penalties for failure to meet SLA requirements?
  16. Could you please detail the Business/Organisation service/support desk process?
    a. What are the options for technical support?
    b. What options can Your Organisation Name choose from?
    c. Is technical support 24x7x365?
    d. What support is free and what requires a separate fee?
    e. May we see an example of contact details for technical support? Is it a 1800/1300 number?
      i. Is tech support handled by Business/Organisation or is it outsourced? Onshore or Offshore?
    f. How does Business/Organisation notify of interruptions or downtime, including scheduled maintenance? May we see examples of these?
    g. How does Business/Organisation respond to slowness or other performance issues?
  17. May we please see an example of reports/governance of server systems, inclusive of patching/security/backup and restore/disk management, server uptime?
    a. Where are the Business/Organisation Application servers hosted inclusive of data sovereignty details? May we also get an IP address?
    b. Where are the Business/Organisation BCP/DR servers hosted? May we also get an IP address?
    c. May we please see a report on the BCP/DR restoration process?
  18. Can you provide details of user support groups?
  19. Can you provide details of user support forums?
  20. Is there a named single point of contact to handle Your Organisation Name’s service account?

Security & Schema

  21. What is the security model for the system? What are the different layers?
    a. May we please have SSL certificate details?
    b. What certifications of any kind can you provide around privacy and security?
    c. Can you please provide audit trails of Blue Card authorisation of staff accessing systems?
    d. May we have a copy of Business/Organisation privacy policy?
    e. How is confidential information handled?
    f. How does Business/Organisation handle Nondisclosure Agreements? Can you provide examples of this?
    g. Is the Business/Organisation data provided in a shared data model?
      i. How is it segregated/protected?
    h. How is the data encrypted during transmission and when stored?
    i. Are there policies and procedures in place for security breaches, data theft?
  22. Does Business/Organisation provide a data schema via a NDA?
    a. May we please obtain a visual representation/UML diagram of the system inclusive of data/security and transaction model?
  23. Could you please confirm the database topology that is used, inclusive of year, version, service pack and any licensing considerations Your Organisation Name would need to take into consideration?
  24. Can you please explain the audit log process for querying of security related matters?

Business Continuity Process/Disaster Recovery (BCP/DR)

  25. Could you please explain what happens in a BCP/DR situation if the Business/Organisation SaaS server goes down? How up to date is the data in this situation? (Sites still have internet access in this use case scenario.)
  26. Could you please confirm that logins are not bound back to IP?
  27. What is the process of receiving data snapshots?
  28. Are there extra charges for backup, restoring data or other services?

System Framework/Reporting/Scalability/Reporting

  29. Does Business/Organisation integrate with LDAP (Active Directory)/ Federated/Services?
  30. Does Business/Organisation support Single Sign On?
    a. If so, what is the methodology that is used?
  31. Does Business/Organisation require installation of any plug-ins or other software to operate correctly?
  32. Are there any limitations on whom or how Business/Organisation SaaS can be used?
  33. Are there any restrictions on the types or versions of browsers? ie. What browser platform does Business/Organisation care run through? (Looks like an ActiveX control is required) or are there any restrictions on the database, hardware platform, network, or operating system environment for which the software is compatible?
  34. Could you please provide us in PDF form example reports from the system?
  35. Are there any real time messaging options across the platform? Is it possible to see a notification matrix?
  36. Are there any published interfaces/web services?
  37. Could you please detail the scalability of the proposed Business/Organisation SaaS solution?
    a. Have you quantitative data to demonstrate load and concurrent access to verify the above?

  38. Can you please detail Business/Organisation SaaS support for mobility platforms?
  39. Can you please explain if Business/Organisation SaaS supports calendaring of events?
  40. Can you please explain Business/Organisation SaaS scheduling and events service?
  41. Can you please explain Business/Organisation SaaS emailing requirements?
  42. Are there any limitations on creating Ad-Hoc reports?
    a. Do you need specific software installed on a computer?
    b. What is the reporting platform being used?
    c. What version?
    d. What is the process if we need a specific report generated?
  43. How are training materials and services costs covered with feature upgrades?
    a. Could you please send across user manuals and or training material?
    b. Do you have eLearning modules? What format are they in? SCORM etc.

Service Termination/Exit Strategy

  44. What happens in the event Your Organisation Name terminates the contract?
    a. Who owns the data?
    b. How and in what format will the data be returned to Your Organisation Name?
    c. What assistance is available to transfer/transition data if Your Organisation Name needs to transition data back in-house?



3 responses to Software as a Service (SaaS) Checklist

  1. You need to include a requirement for bandwidth (normally per user) for all SaaS deployments. Intensive video and audio applications can cause issues if not provisioned for.

  2. Concise and to the point, the cloud models still need a degree of planning and design to be an actual benefit to the business. However I believe that if done correctly can have positive implications to the efficiency of any business.
