- Does your SaaS application meet the functional requirements of my organization?
- Will your application fit the evolving needs of my organization as time goes by?
- Does your application require that I significantly alter my existing organization workflows?
- How reliable are you – do you provide references, case studies and third party assessments?
- Do you have information available about your physical location and telephone number?
- Do you have information about your top management on your site?
- Do you have just a handful of customers, or thousands or tens of thousands?
- Are you a publicly listed company? And if not, do reputable investors fund you?
- Are you well covered by traditional media and technology blogs?
- Are you active in blogs and social media sites?
- Do you offer a Service Level Agreement (SLA) for your services? If yes, how many 9’s does it have (look for 99.9% to 99.999% uptime guarantee)?
- Do you have a transparent, public site where you publish any system issues or outages for everyone to see?
- Do you offer compensation commensurate with any potential financial loss if my organization suffers due to lack of availability? Will you compensate me automatically or do I need to ask for it?
- Do you have the applications and data stored in several geographically separated datacenters? If yes, how many datacenters do you have? If geographically distributed datacenters are used, what countries are involved?
- Is there a disaster recovery strategy in place? How frequently is it tested?
- How many copies of the data are backed up? How often is backup performed?
- Can I readily export my data in a usable format?
Changes to the Application:
- Approximately, how often do you upgrade your application?
- Will these upgrades impact my use of the application, and if so what time of day and for how long will I be affected?
- How and when will you notify me about any scheduled maintenance?
- How do you handle support? How can I contact you to get more information about unscheduled or extended downtime?
- Is there any fine print in your SLA regarding maintenance related issues?
- What is your approach to service security? Can you offer an overview of your general security approach?
- What security procedures are in place at the datacenter? How many technicians have access to my data and how well are those technicians vetted before they are given access?
- What are the security measures you use to authenticate users?
- What level of encryption do you offer to protect my data?
- How secure is your application and do you work with any independent security vendors to vet the overall security of your product?
- What recognized standards apply when you are audited?
- Are you compliant with the regulations applicable to my organization?
- What are the important data related laws in the countries where your infrastructure is located?
- Do you use customer data to promote your organization through advertisements and do you sell customer behavior/information to third parties for marketing?
- What are your policies relating to the legal aspects of data being stored offsite on third party hardware? I have concerns about my data being subpoenaed or breaching some arcane regulation, please explain these issues as they relate to my organization.
34. What are your terms when it comes to ownership of data? How about any metadata I generate while using the application?
35. How easy is it to export data from your service when moving to a new service? Do you offer an option to export the data in one of the open data formats like XMLor JSON? Are there any extra charges for exporting the data?
36. Do you delete my data completely if I delete it from the application?
37. What happens to my data if I discontinue your service – do you delete it immediately? Can I retain access to a read only copy for a fee?
38. How easy it is to integrate with other applications?
39. Is supported integration, or prebuilt integration available with any other systems?
40. Do you offer API access? Are there any extra charges to access API? What form do the APIs take?
41. Do you support integration with legacy applications?
42. Do you partner with any companies that specialize in integration?
- Do you offer custom domain options?
- Do you provide the ability to edit headers, footers, login page, etc. for branding purposes?
- What is your permissioning scheme – do all users have access to the entire application or can you customize who has access to what on an individual and by role basis?
- Can you configure the system to match your organization processes, such as by customizing transaction definitions and workflows?
- Some SaaS applications, like financials and CRM, require data field customizations. Do you provide the ability to customize data fields? Can you add new fields? How many? What field types are available?
- Can you change the behavior of the applications, such as including custom triggers and
- Organization processes that span multiple applications are also often important. Can the application be called by other systems? Can it call out to other system?
- Can the application be extended – does the vendor provide tools that you can use to build new screens or modules or features that the vendor does not already include?