Software as a Service: a checklist

Software as a Service (SaaS) has revolutionised our lives and freed most of us from large up-front development costs, expensive on-premise hardware and associated software and networks.

You just sign up and everything magically appears with your business data, pictures, documents. It is all backed up and safe. However, have you checked the provider is actually doing what they promised? AXLR8 have been in the SaaS business for over 2 decades and trust many suppliers but check everyone.

What questions should I ask an SaaS supplier?

Here are a few questions we suggest that you ask your SaaS supplier.

Business Stability

  1. Do you track their published accounts every year? Remember, the pandemic has tested all companies and many SaaS companies may be running on empty. More companies go out of business coming out of a recessionary period than going in to it!
  2. Are they debt free or do they have a negative balance sheet? If negative, is it getting worse year on year? Could the bank “pull the plug” tomorrow?
  3. Is the Supplier financially stable? Remember, if they miss payments to a lender, any of their key staff or any of their hosting and technology suppliers, they could disappear overnight and your data and system will probably be lost!
  4. Does the SaaS company have a portfolio of markets they work in so that a change in one market does not wipe them out overnight? Importantly, after the pandemic, are they already “running on empty”?
  5. How long have they been in business? Is their business growing or, if it has been through some recessions and recovered competently, all the better!
  6. Do they have many clients in their portfolio?
  7. Do they have an expert stable team or is there staff turnover? Worst of all, is it a one or two person company which could disappear with the health or motivation of one person?

My business critical data

  1. Do they answer their telephones in an emergency?
  2. Can I get my data from my SaaS supplier (free or for a reasonable small labour and materials fee)?
  3. Where can I read my contract for the service? If it was just something I clicked “OK” to when I signed up, then was there a clause to say they can change it at any time?
  4. Do I own my data entirely or do the supplier feel they own it?
  5. Does my supplier understand their responsibility as Data Processor and how it affects my liability under GDPR as the Data Controller?
  6. Who decides access rights for my staff? What happens when staff join or leave?
  7. If I am using the system free of charge, do the suppliers expect something back and if so, what?
  8. If I am paying, what if I miss a payment? Is there a small or large admin penalty? When does all my data get deleted? No supplier can store it indefinitely due to GDPR DP liabilities. If they do not delete my data, what are they doing with it?
  9. When can I give notice and what are the implications for recovering my data and any associated documents, mails, pictures, etc?
  10. Is the SaaS supplier compliant with cyber security standards? For example, can you find them on the IASME Cyber Essentials Plus compliant companies?
  11. Do your SaaS supplier have a reputable company for regular annual penetration testing to check security of the systems holding your (customer) data?
  12. What are their security policies?
  13. What are their privacy policies and can you find them on the Information Commissioner’s registration list?
  14. Can I talk to someone – a real human being – about the technical or commercial issues that arise?
  15. Can I customise and personalise the system and how does this affect my rights to upgrades?
  16. How often do they actually do back ups? Nightly, hourly, weekly? Are back ups hot? In other words, if my server goes down, does another one come up immediately? These different levels of disaster readiness come with very different price tickets. What level of resilience do I need?
  17. Can they scale with my business?
  18. Will they offer training for super users of the system?

Build vs Buy: should we just develop our own in-house system?

Before developing your own system with a software developer or an in-house developer, you should also be able answer the above questions.

You will be aware of the well known economics of software development:

If it costs 1 pound to develop a system,

it costs 10 pounds to implement and another 10 pounds to document it

15 pounds a year to maintain it and

150 pounds a year to support it.

Outside developers bidding for your business conveniently forget that in their pitch!

On top of that, complying with basic security and GDPR is very costly and you would be paying for it on your own. A SaaS supplier can share those costs around hundreds or even thousands of users.

A reputable SaaS supplier can also bring specialist expertise and new modules from the accumulated experience of thousands of users to your business. They can concentrate on updating their platform, performance, bug fixes, encryption, security. Do not underestimate these expenses. Their helpdesk is always there. Your inhouse developer could be off sick or go on holiday – or leave the company just when you have a critical repair.