You have identified a business need and now you are asking yourself the question of investing in a software solution. What are the steps not to be missed to make your choice? On what criteria to compare products and publishers?
Compare in-house development and external provider
Before investing in a SaaS solution, it is often a question of whether it is worth considering an in-house development. It can be tempting to choose this track at first, believing to do faster - “we are certainly in the best position because we know best our own needs” -, do at lower cost - “it will necessarily cost me less to use the solution developed internally than to pay a subscription to a solution publisher” -, and do better - “at least, if we have to evolve the product, it will be easier because we have the hand”. All this remains true but it is necessary to weigh certain elements.
Indeed, it is important not to neglect the cost that the internal solution can represent, and especially on its human component. The teams dedicated to the realization of the solution are sometimes not dedicated to the project and the latter can drag in length. In addition, choosing an external service provider makes it possible to capitalize on the experience of the publisher and benefit from the product changes made for other customers.
Your choice is made: You have decided to opt for a publisher and now you are comparing market solutions. What are the choice criteria to consider?
Assess three types of criteria
There are three main families of selection criteria in your review of a software solution:
- Functional criteria: these are the most obvious criteria: the chosen product must best meet the needs expressed by the business. This is to compare the functionalities of the IT solution, its practical aspects, but also its ease of use, its subscription terms, etc…
- Non-functional criteria: these elements are almost as important as functional criteria and it is important to make an accurate and documented review.
On the safety dimension first of all, it is important to check that the chosen product best meets the company’s safety policy or the regulations specific to the evaluated product. Where applicable, depending on the area covered, it may be important to look at certifications and other standards to ensure that the solution publisher meets a sufficient level of requirement.
On the GDPR issue, we must take into account the two dimensions of GDPR compliance: organizational and technical. By technique, we mean tools dedicated to securing data (pseudonymization, setting up dedicated servers, identification and authentication). Organizational means the procedures put in place to secure the data and the confidentiality and privacy measures (IS security policy - PSSI, training, authorisation procedure, data mapping, legal security, etc.). These two dimensions are therefore intimately intertwined but the review of the two components often allows to refine the choice of the IT solution. A good practice is to integrate regulatory and legal security requirements into the contract that will be established with the solution provider in the form of an SLA (service level agreement). Finally, it is advisable to opt for a publisher who will have integrated the security dimension in the design of his product (security by design) and who does not make it a paid option.
It is also advisable to check a number of elements concerning the supplier: its financial independence, the estimated turnover achieved with the latter, or to guard against possible conflicts of interest.
- The third criterion is that of the service dimension around the product, its support service and the appreciation of the brand that carries the solution. If the product is technically flawless, it is almost as important to ensure that you can benefit from support from the publisher’s teams during the implementation, and in case of difficulties when using the solution.
Bravo! Your choice is made, you take the plunge and you invest in a SaaS solution. How to successfully integrate and adopt the solution?
On a purely technical level, the better the IT teams will understand how the chosen product fits into the company’s information system, the better they will cut and frame the subject. Their understanding is therefore one of the first key success factors.
Moreover, depending on the dimension of the project in which the chosen software solution fits, the elements to be taken into account may vary.
There are two main types of projects when adopting a SaaS solution:
- Either the chosen solution is stand alone, it lives in its small bubble and its implementation is relatively easy. Once the compliance review is completed, care must also be taken to manage the authentication of the Users population, always in accordance with the security policy of the company. This often involves implementing a single sign-on (SSO): we federate identities between the purchased solution and our own employee identification solution. This allows you to keep control and secure access to the chosen application. When single sign-on is not technically feasible, it is possible to apply double authentication.
- Either the solution fits into a broader information system and requires the design, development and implementation of inbound, outbound, multiple or single source data streams. From a technical point of view, this modeling becomes the bulk of the project to adopt a SaaS solution.
The human factor, the cornerstone of success
The technical aspect is essential for the successful integration of a SaaS solution but underestimating the human aspect would be a mistake. The technical aspect is nothing without its change management counterpart. The chosen product can be technically perfect, it will be of no use if it is not adopted by its users. For the deployment to be a success beyond its technical aspects, it is essential that the change management process is embodied and its message carried loud and clear by recognized sponsors who have the legitimacy to do so. It is also necessary to go beyond discourse, in order to embody change and make it possible in the eyes of users.
When implementing the tool, it is important to be able to provide contextual support to users when they need it to facilitate the adoption of the IT solution. This technical support “on the ground” and correlated to the daily needs of users is essential, in addition to more theoretical training.
The time constraint, the dimension not to be neglected
The pitfall to avoid would be to ignore the time and effort it takes to be certain that the chosen IT solution is in compliance with the specific requirements of the company, functional or otherwise. Indeed, it is necessary to ensure upstream that the chosen product is consistent with the company’s standards and regulatory requirements. By carefully examining internal processes and knowing the standards requirements of our organization (regulatory standards but also brand standards), we minimize the risk of encountering difficulties in implementation. The upstream dialogue between the solution’s user business and the support responsible for implementation is key and requires time to align the issues and reconcile their expectations.