Software as a Service: a checklist

Software as a Service (SaaS) has revolutionised our lives and freed most of us from large up-front development costs, expensive on-premise hardware and associated software and networks.

You just sign up and everything magically appears with your business data, pictures, documents. It is all backed up and safe. However, have you checked the provider is actually doing what they promised? AXLR8 have been in the SaaS business for over 2 decades and trust many suppliers but check everyone.

What questions should I ask an SaaS supplier?

Here are a few questions we suggest that you ask your SaaS supplier.

Business Stability

  1. Do you track their published accounts every year? Remember, the pandemic has tested all companies and many SaaS companies may be running on empty. More companies go out of business coming out of a recessionary period than going into it!
  2. Are they debt free or do they have a negative balance sheet? If negative, is it getting worse year on year? Could the bank “pull the plug” tomorrow?
  3. Is the Supplier financially stable? Remember, if they miss payments to a lender, any of their key staff or any of their hosting and technology suppliers, they could disappear overnight and your data and system will probably be lost!
  4. Does the SaaS company have a portfolio of markets they work in so that a change in one market does not wipe them out overnight? Importantly, after the pandemic, are they already “running on empty”?
  5. How long have they been in business? Is their business growing? If it has been through some recessions and recovered competently, all the better!
  6. Do they have many clients in their portfolio?
  7. Do they have an expert, stable team or is there staff turnover? Worst of all, is it a one- or two-person company which could disappear with the health or motivation of one person?

My business critical data

  1. Do they answer their telephones in an emergency?
  2. Can I get my data from my SaaS supplier (free or for a reasonable small labour and materials fee)?
  3. Where can I read my contract for the service? If it was just something I clicked “OK” to when I signed up, then was there a clause to say they can change it at any time?
  4. Do I own my data entirely or does the supplier feel they own it?
  5. Does my supplier understand their responsibility as Data Processor and how it affects my liability under GDPR as the Data Controller?
  6. Who decides access rights for my staff? What happens when staff join or leave?
  7. If I am using the system free of charge, do the suppliers expect something back and if so, what?
  8. If I am paying, what if I miss a payment? Is there a small or large admin penalty? When does all my data get deleted? No supplier can store it indefinitely due to GDPR DP liabilities. If they do not delete my data, what are they doing with it?
  9. When can I give notice and what are the implications for recovering my data and any associated documents, mails, pictures, etc?
  10. Is the SaaS supplier compliant with cyber security standards? For example, can you find them on the IASME list of Cyber Essentials Plus compliant companies?
  11. Does your SaaS supplier use a reputable company for regular annual penetration testing to check the security of the systems holding your (customer) data?
  12. What are their security policies?
  13. What are their privacy policies and can you find them on the Information Commissioner’s registration list?
  14. Can I talk to someone – a real human being – about the technical or commercial issues that arise?
  15. Can I customise and personalise the system and how does this affect my rights to upgrades?
  16. How often do they actually do backups? Nightly, hourly, weekly? Are backups hot? In other words, if my server goes down, does another one come up immediately? These different levels of disaster readiness come with very different price tickets. What level of resilience do I need?
  17. Can they scale with my business?
  18. Will they offer training for super users of the system?

Build vs Buy: should we just develop our own in-house system?

Before developing your own system with a software developer or an in-house developer, you should also be able to answer the above questions.

You will be aware of the well known economics of software development:

If it costs 1 pound to develop a system,

it costs 10 pounds to implement and another 10 pounds to document it

15 pounds a year to maintain it and

150 pounds a year to support it.

Outside developers bidding for your business conveniently forget that in their pitch!

On top of that, complying with basic security and GDPR is very costly and you would be paying for it on your own. A SaaS supplier can share those costs around hundreds or even thousands of users.

A reputable SaaS supplier can also bring specialist expertise and new modules from the accumulated experience of thousands of users to your business. They can concentrate on updating their platform, performance, bug fixes, encryption, security. Do not underestimate these expenses. Their helpdesk is always there. Your in-house developer could be off sick or go on holiday – or leave the company just when you have a critical repair.

Security incident today

Thirty-five client websites, including our own Staffing specialist website, have been affected by a DDoS attack this morning.

No business-critical applications are affected.

Email is not affected.

It should be resolved by the engineers at the datacentre soon. These problems are rare and this is the first in perhaps ten or more years.

Thanks for your patience. Please do not hesitate to contact us if you need more information.

Contact Field Marketing – Success through talent

AXLR8 have now been supporting field marketing companies collecting data in store for 15 years.

Our clients have taught us so many things in that time.  Likewise, they are always learning and solving new problems to help their brands and other customers.

To celebrate we have created this video to explain how CFM, a growing leader, is challenging the top players in the retail merchandising and promotion fields.

It concentrates on two current challenges.

Building and developing the team

Clients need to attract the best talent in these competitive times for all recruiters.  They then need to build, train and deploy their teams on client projects.  CFM have the talent management team in place to achieve this using the AXLR8 ATS and to work with trusted specialist long-term business partners to supply staff where required.

Field Data Collection and Client Presentation

The value added by good field marketing and merchandising providers is the immediate, high volume, accurate data reliably collected in the field (e.g. sales and stock numbers, competitor pricing, before and after pictures during POS and merchandising projects).

Volume collection

Using their AXLR8 apps, staff are booked on projects and specific store visits and collect data in high volumes in store.  The system has to handle thousands of data items every hour from hundreds of store visits on multiple projects.  App reliability and central database resilience are of paramount importance.  At the same time the questionnaires must be flexible so they are easy to create and easy to change midway through campaigns.

Customised client portals

Once the data starts to come in, the numbers, reports, pictures and other information have to be moderated and presented well to their clients on a secure portal.

The system allows CFM to concentrate on client engagement, staff relations and creative ideas as they know the admin is being handled by a reliable system that AXLR8 has customised to their needs.

This means they can focus on client specific needs. No wonder they are so successful.

AXLR8 achieve Cyber Essentials Plus 2022-3


AXLR8 have now completed our audit for 2022-3. We are spending increasing amounts on cyber security every year. This puts AXLR8 ahead of most competitors in the markets in which we supply and support our systems.

The Journey

We would love to report that we flew through, but let’s just say the pre-audits were very useful. We are a great deal more secure again this year as a result. It will be even tougher next year as IASME are enhancing the standards. The bar is getting higher.

However, it does not just stop at the audit pass. Like you, we are bringing on new people and machines and constantly changing our networks for expansion. That means we need the changes to be within cyber security guidelines and we need to maintain constant vigilance with regular user tests and evidence that software upgrades and security updates are happening.

Once again, we would like to thank RightCue Assurance for the audit and helpful guidance for maintaining standards in preparation for the tougher new audit in 2024.

Why should I care?

You would be concerned in close proximity to someone coughing without putting their hand over their mouth, or buying a meal in a restaurant where the chef did not wash their hands. You should be even more worried if you have a software supplier – especially a SaaS supplier – who does not maintain standards of cyber security that are audited by a reputable body. How could you trust them with your private data and mission-critical system?

Please call 01344 776500 if you would like any details for this or if you are considering your own Cyber Essentials programme.
