May 19 2015

The Most Important Questions to Ask Potential SaaS Providers

A university IT expert explains how to find the best Software as a Service provider for higher ed’s unique data security needs.

Much like a marriage, a successful partnership between a university and a Software as a Service (SaaS) provider starts with courtship.

In CDW’s free, recorded webinar “Keeping Up with the Cloud,” expert Jeff Giacobbe stresses the importance of finding the right match. As Montclair State University’s associate vice president of enterprise technology services, Giacobbe helped migrate 20,000 student email accounts and the institution’s learning management system to the cloud.

He says the university used a vendor-vetting checklist to facilitate the process.

“It’s really just a questionnaire that asks what their internal policies are, how they’re going to be handling our data, what they do for security, what they’ve done in terms of regulatory compliance,” Giacobbe says.

But the six-part document is much more than that. It takes a comprehensive look at everything from day-to-day procedures to third-party providers, physical facilities and, most important, protection.

Click here to download the SaaS checklist:

It begins by asking whether the vendor follows a well-documented, regularly updated security policy. It also covers physical and information security controls, authorization procedures for data center facility access, active and passive data storage protection, and even environmental controls such as fire suppression systems.

To address business continuity concerns, vendors must provide details on primary and secondary sites, data backup and disaster recovery procedures, and the length of time needed to restore service in the event of an interruption.

The document also helps users scrutinize the vendor’s compliance with regulations related to health and student education records, plus financial info and credit card transactions.

Giacobbe calls the questionnaire a “litmus test” that gives IT staff a way to narrow down potential suitors.

“We can get it back from the vendor and say, alright, we’re pretty confident that they know what they’re doing, or they have no idea what we’re asking or why we’re asking these questions,” Giacobbe says.

If the vendor’s answers leave IT heads with cold feet, it might be best to look elsewhere, he warns.


Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT