Selecting a Software as a Service (SaaS) vendor for a Product Lifecyle Management (PLM) solution goes beyond just looking at application features.
Functionality is maybe only 50% of the overall value proposition. While it is important that the solution meets the businesses core needs, IT directors need to help the business choose the right solution based on technology aspects of the SaaS vendors as well.
1. I could develop a solution in-house, why should I go to an external SaaS provider?
In house development is always an option for organizations with a strong internal IT team. After all, who knows your business better? However, there are a several critical observations to take into account, particularly when sourcing a PLM solution.
- Collaboration – Typically a PLM solution will require outside partners to complete tasks and provide your business team with data. Any in-house developed solution needs to provide with external portal. In addition, any collaborative solution creates additional needs to be considered such as security, onboarding, training and self-help, communications, etc.
- Centralization – Many SaaS solution provide additional functionality outside of the core business need, as standard.
- Standardization – What market are you in? Is there an accepted standard for functionality or data? If there is, then a SaaS solution will provide the standardization that will be required. Your business team will have an expectation on functionality, and suppliers may well already be using an industry standard SaaS solution. For example – within the private label grocery industry the specifications will be similar between regions and probably exactly the same between different retailers for specific product categories.
- Legislation – Is your market heavily regulated? If it is then typically there will be a level of churn on legislation. Have you factored regular updates to the solution to keep up to date with changes and ensure that your organization remains compliant?
- Total cost of ownership – The costs of a SaaS solution are predictable over the contracted period, with no nasty surprises. This means your budget does not need to include contingency. Often the SaaS vendor will also provide professional services and training to ensure your business is getting the best out of their investment. More importantly the costs of upgrading, maintenance, and disaster recovery measures will have already been built into the subscription.
2. I could develop a solution in-house, why should I go to an external SaaS provider?
Functionality to support the business team’s requirements is still the major decision point when purchasing any kind of software. Will “Out of the Box” functionality meet all of my business’s needs? Maybe not, but the following considerations should be taken into account before a decision is made:
- Expertise – The external SaaS vendor probably knows what’s required to have the solution be viewed as successful better than your business team. In addition, the solution should provide standard functionality that meets the needs of other companies in your market. The SaaS provider can help you identify what’s really critical, and what the benefits are.
- Configuration, not customization – Most SaaS solutions offer the same level of configuration. This enables organizations to use their own terminology, process maps, and page templates without funding a risky customization project. For example, the Trace One’s solution supports the configuration of multiple stage/gate workflows and product templates to be completed via the front end. This allows for the differing processes and attribute needs of specific categories. Ultimately customization leads to inflexibility and a higher cost of maintenance – often leading to the need to replace the solution.
- Influence the future – If there is a business need that remains critical, then be aware that typically a SaaS vendor will ask their customers to help shape their road map. Effectively the solution will naturally evolve to ensure that it survives in the market place.
3. What security and governance issues should I focus on with a SaaS solution?
The following are key areas to resolve when assessing the security of SaaS vendors and solutions.
- Hosting Provider & Hosting Facility Security – Ensure that you know who will be providing the hosting, which provider, and where they are located. There are differing rule regarding data security in different countries, and many data center providers have a better reputation than other. Can the services provider supply SOC2 reports for its services, as well as its utilized data centers? This is an important requirement as this encompasses security and regulations compliance. Auditing and compliance are just 50% of the requirement. It is important to find out how the hosting vendor and SaaS provider actively enforce their controls in their working processes. Usually a conference on the subject with the cloud ops teams clarifies this.
- Data Access, Security, Segregation & Encryption – Is the SaaS solution on a dedicated or a shared environment? This is important because on a shared environment you need to assess how the data is segregated. What type of data architecture is being employed and how is security managed in the shared environment? With a SaaS solution you won’t have access to the infrastructure, hardware, or software, but someone at the provider will. What does that team structure look like? Ask for specific information on the roles & responsibilities of administrators, profiles, hiring practices etc. What application & data access audit logs are available?
- Business Continuity & Disaster Recovery – What type of business continuity and disaster recovery options are available? You should ensure that this is part of the standard services or included in your contract with the provider. What type of infrastructure exists to replicate and synchronize data between the primary and DR (Disaster Recovery) data centers? Is this available in real-time, daily? Where are the DR data centers located? Where are the data backups stored and how? Is the data in raw files or an encrypted format and who has access to this backup data?
- Identity Management, Security & Single Sign-On – What type of identity management solution is provided? Is Single Sign-On (SSO) provided? What types of SSO options are available? IS it SAML, HTTP-Fed, Open Auth. etc.? Can the SaaS solution be integrated with my existing Identity Management system?
- Support, Maintenance & Service Level Agreements – What type of support is provided? Is it self-service, email, phone or a combination of each? Ensure that the support working days and response times match your businesses requirements. This may include supporting your organizations partners. How are issues prioritized, and what are the resolution times for each of these severities? Location and language of the providers support team may need to be assessed against you user base (including business partnerships). What type of monitoring and alerting does the vendor provide? If there are integrations who covers the maintenance of these interfaces. How do you support and manage integration your existing enterprise applications? How are upgrades, patches and other maintenance performed? Will this impact working hours, and how is planned down time communicated? What type of change management and risk management procedures does the provider follow? What SLAs are available on reliability, availability, performance, etc.? Are there any penalties for non-compliance? How are issues or responses past SLA escalated?
4. Should I integrate PLM with my existing enterprise applications?
Complex integrations inevitably lead to longer deployment projects and higher implementation costs. A full cost/benefit analysis should be conducted before deciding to include integrations in the scope of implementing a SaaS and/or PLM solution within your organization. Each intended interface should be considered against the following:
- Real time or Batch file transfer
- One way or Bi-directional interfacing
- Data content
- Business rules
- Timing of integration
If the data transfer need is daily rather than per transaction / user action then consider batch file transfer, particularly if the data flow is in only one direction (inbound or outbound, not both). Should you even be trying to integrate solutions when the data need is not transactional? Perhaps integration at the data warehouse level for analysis and reporting would be more appropriate.
Real time interfaces will need API’s and Web services. Many SaaS solutions offer a set of “standard” API’s but will these actually meet your needs. Some configuration or even development may be required to accurately map business rules and provide the required data content. This should be identified and scoped early on, and a review of the security protocols used for the API’s.
5. Will a SaaS solution meet my businesses reporting needs?
IT directors often ask this question. With data being hosted outside of their organization, there is a fear that they will not have the ability to access it for reporting. A SaaS solution should provide both decision support reporting (operational) and business intelligence reporting (strategic).
You need to assess the solutions ability to provide flexible decision support. Does the solution allow users to create their own reports? Can parameters be set to filter the results? Can the results be displayed in graphs and other visualizations? You don’t necessarily want user to have to resort to business intelligence for answers to quick questions.
Conversely when assessing how the solutions data can support more strategic analysis, you must ask yourself if the data it provides enables full business intelligence. The answer is probably not. You may want to get the data out and combine this with other corporate data to really be able to make strategic decisions and assess your organizations performance. Typically, this is done through some form of data extraction process into your own data warehouse as the SaaS solution is hosted externally and the sensitive data you need is inside your firewall.
6. What does a SaaS PLM solution really cost and how is the pricing scoped?
SaaS solutions are usually based around an annual subscription cost. What this cost covers and the basis of scoping the cost will depend on what the solution provides and the vendor. At Trace One the cost of our PLM is based on the value that the client receives. This is calculated using the number of products and suppliers the solution is used to manage. The subscription includes all upgrades, maintenance, and support.
Perhaps a more interesting question should be how the solution is funded (i.e. who is paying for the service). Both retailers and suppliers get benefits from a collaborative PLM solution, particularly if collaboration services to create strong partnerships are included. In this case a hybrid funding model may be an option, with both the retailer and their suppliers paying for the solution and services that are being received.