SaaS Vendor Evaluation: 3 Criteria For Choosing Software
This is part three of a three-part series on choosing software and deciding which SaaS vendor is right for your business. In part one, I talked about principles around data privacy that your business should consider and potentially adopt. Starting with solid data privacy principles is an important first step in cybersecurity.
Part two in this series gave you five tips on how to take a long list of potential vendors and cross a few off, so you get down to a short list. This is part three, and I’ll give you three tips on how to do a deeper SaaS vendor evaluation, so that you can go from a short list down to the one vendor that is best for your business.
1. What Data Is Shared
First of all, you need to consider what kind of data is being shared with the potential vendor. What are they collecting from your business? How are they going to use it? And who among their staff will have access to your data? In an ideal world, nobody on their staff will have access to your data. However, that may not necessarily be feasible depending on what the platform is intended to do.
During a SaaS vendor evaluation you need to think carefully about what data the vendor will be collecting from your business, and who on the vendor’s staff is going to have access to that data.
2. Encrypt and Store Data in the U.S.
Choose vendors that store data in US-based data centers and encrypt the data, both while it’s being stored in their data center, and also while it’s in transit. You’re looking for encryption, whether data’s being uploaded, downloaded, or whether you are browsing on the vendor’s platform using a web browser.
3. Minimize Data Collection
You should prioritize vendors that minimize data collection. I talked about data minimization as a principle in part one of this series. If you haven’t read it, you should go check that out, because it’s an important principle to understand. You want to be sure that the vendor you choose has adopted the same principle.
Data minimization means that neither you nor your vendor will collect any information that isn’t legitimately necessary for the business purpose. So you and your vendor both need to have clear protocols around when and how data will be collected, and when and how it will be deleted. Ideally they will have privacy by design principles baked into their default settings, so that every default setting on the vendor’s platform enhances privacy.
Choosing Software Wisely
Now, the last thing to think about for a SaaS vendor evaluation is that there can often be a disconnect between the promises a vendor makes in their promotional materials and what actually shows up in the contract that they send you when you go to sign on and commit to their service.
I have seen it time and again where one of my clients had a breach, and they come to me, and we begin to look through the contract that they signed. They didn’t have a lawyer look at it before they signed it (5 Reasons Your Business Needs a Contract Review Lawyer), and there are massive gaps in that contract that fail to protect them, and the contracts often are very friendly toward the vendor. It’s really important to make sure that the promises the vendor makes and the binding commitments in the contract are aligned and fit with one another.
If you need help with your SaaS vendor evaluation, that’s what we do every single day. So I hope you’ll get in touch.