We have traveled through the process of initiating a project, defining requirements, searching for and finding our ideal solutions. We have narrowed down the field and should have, at this point, a couple of vendors to choose from. The approach changes slightly depending if you are looking at cloud or on-premise solutions. Below is focused on cloud applications.
For larger companies your procurement and legal departments will no doubt lead the charge on reviewing in detail the contract, terms and conditions and the Service Level Agreements provided by the vendors. They will need your input to agree items such as main support hours, tiered support and response times etc.
Some ‘negotiation’ may have already taken place as vendors adjust their pricing – ‘best and final offers’ and all that good stuff. Worth noting that larger organisations will have more negotiation power with vendors and depending on the solution there could be wiggle room on implementation costs. Now is the time to get into the detail and break down what is included and not included and whether there are any deals to be made.
For small organisations there is, of course, less power to negotiate structured pricing and you may not have access to a procurement or legal resource. Take a look at the following checklist which provides a list of things to look out for in the contract and SLA.
- Data Centre Location
- Disaster Recovery and data centres locations
- Disaster Recovery protocol
- RTO – Recovery Time Objective
- RPO – Recovery Point Objective
- License terms – active users, banding, add-ons
- Service Level Agreement – support hours and response times, performance
- Data Protection and GDPR
- Security – physical and technical
- Penetration Testing – who and when last and how often
- Length of contract and exiting conditions
- Renewal rates
As stated there may be little negotiation on the per user price but there should be some wiggle room with regard to the SLA and performance requirements. Please be aware that the vendor may post performance information on their website but it will mean nothing unless it is in your contract or SLA.
Similarly, the vendor may have verbally told you their data centre location. Ensure you have in writing the location of the data centre, the data centre provider (and their ISO accreditation) and the disaster recovery protocol. Why is this important? Their DR could involve backup to a data centre outside of the EU in which case you could find yourself accidentally breaching GDPR!
At this point, with all the detail to hand you are in a position to make an informed decision on the best solution for your business.
Pricing will have a big influence at this point but remember that you are looking for a number of benefits from your solution – check back once again on your requirements and identified benefits and ensure you haven’t negated a key benefit in the rush to complete selection.
Make your final selection. Enjoy the sense of accomplishment as you inform the vendor and the job of signing contracts gets underway. Get yourself a coffee and enjoy the quiet – you are are about to get very busy with implementation!!!
Next posting will be on HRIS implementation.