SaaS Due Diligence - Part 2 of 2

Transitioning to SaaS

data migration tool - is there a tool readily available - is there a choice of tools?

data migration process - do you have the expertise to carry this out in-house, who else can provide this service, at what cost?

if no proven data migration path, employ 3rd party migration tools / services, at additional cost

clean start option - dual run both old and new systems, if economically and practically viable

Service and Support and Security

software trial - how long, how scalable, is this representative of final state performance and usage? Is it easy to transition from the trial to operational, or is a fresh data load required?

service availability, including application and data

security standards support - e.g. ISO 27005, NIST SP80-300

the need for a cloud security standard

offline data availability

availability of support channels - and their fit to how your organization operates

support desk response times

redundancy - of power supply, computing resource, data repository availability, internet backbone connection

Internet Service

- compensation for disruption to service

- minimum service upload and download speeds

- alter contract to more favourable conditions to suit your heavier usage/custom of their services

Data

data portability - how easy is it to retrieve data out of this particular SaaS service?

accessibility of data - how easy is it to snapshot and download your data for your own use?

data removal - what traces of customer data would be retained on the system should a customer cancel their contract?

confirm data ownership will continue to rest with you

is there any need to upload or refresh additional data or metadata?

data security - hardware and software - software intrusion detection, encryption, table names, security mechanisms used by the SaaS provider?

what level of access would the SaaS provider's staff have to read data and how rigorously is this managed?

physical security of your data - data center design

Contract

T&Cs

Data security and portability

Non-renewal actions

Licence terms

Source code ownership - a recent mention of escrow services for SaaS was covered by my respected friend Ben Kepes at CloudAve. Trust you don't mind being considered a friend, Ben...

Other IP

Charging model - data throughput
