It’s no secret that most insurers have recognized the benefits of leveraging the cloud, as it enables accelerated growth opportunities while better positioning them to keep up with rapidly evolving customer expectations. For those just beginning their strategic discussions about cloud migration, it can be an overwhelming task to know where to begin. Migrating to the cloud is a big decision, and deciding on the model and partner that fits your specific needs is a critical first step.
Leveraging a software as a service (SaaS) approach and selecting a provider to be responsible for application management enables insurers to focus on their core competencies and better utilize capital and resources. But not just any SaaS provider will meet your organization’s needs, and their respective cloud environments are not all created equal. The differences aren’t always easy to see. To get started, there are several areas to focus on in determining which SaaS provider is the best fit for your organization, including reputation, market leadership, years of experience, etc. In addition, a thorough exploration of the providers’ service level agreements is critical, as SLAs can be vastly different from one provider to another.
Who’s Who in SaaS?
Once your organization has defined what it requires from a SaaS provider, such as integrated third-party services, security and compliance requirements, the ability to scale to support future growth, etc., it’s important to make sure that any provider you consider can meet—or better yet exceed—these needs.
To ensure you’re choosing the best fit for your organization, look for SaaS providers who not only have vast experience but are also able to have in-depth discussions about how they can help solve your specific business challenges and meet your strategic goals. Asking questions about their technology, product roadmap, security, reliability, and performance will be very useful in determining which provider will be the best long-term partner.
Service Level Agreements are (Almost) Everything
When it comes to migration to the cloud, it is imperative that you fully understand what you’re getting and what to expect at every step of the migration process. SaaS providers commonly don’t publish their SLAs, so it’s important that the providers you are considering are transparent and committed to helping you fully understand what each service level entails and how it could impact your organization. Be sure to ask questions and align your priorities and goals, as certain aspects of a provider’s SLA might make or break the potential partnership. Below are 10 of the most significant components in a SaaS SLA, and tips for comparing providers.
- Availability. The SLA should include a system availability commitment that clearly states the percentage of time the application will be available. This measurement of availability should also incorporate critical access to third-party services made available from the SaaS provider’s platform. The percentage of system uptime and the historical usage of scheduled maintenance should also be outlined. In addition, the SaaS provider should be able to provide its historical availability performance to support its commitment.
- Security. The SaaS provider must be able to provide its documented security policies, along with evidence that these policies are being followed.
- Compliance and Audit. The SaaS provider should clearly state how and when its infosec controls are audited and make the audit results available to clients. A standard such as SOC and/or NIST should be used as the basis of the audit, which is conducted by a reputable third party on an annual basis.
- Performance. The SaaS provider must clearly state its system response time objective and should have a monitoring solution that can objectively measure performance commitments outlined in its availability SLA.
- Data Privacy. The SaaS provider should clearly state how client data is secured, including encryption algorithms, how each client’s data is isolated from other clients, and the controls in place with regard to third-party data access.
- Data Residency. The SaaS provider must be able to clearly identify where a client’s data is stored and how it is accessed, and demonstrate that the applicable data governance requirements are respected and enforced.
- Business Continuity. The SaaS provider must outline its disaster recovery plan, explicitly stating the geographic locations of its primary and secondary hosting environments, and the associated recovery time objective (RTO) and recovery point objective (RPO) commitments. A disaster recovery model that meets the business needs should be included as part of the SaaS provider’s standard offering.
- Client Support. The SaaS provider should clearly outline its client support model and how it will be able to support the client’s specific business and technical needs.
- Maintenance. The SaaS provider should clearly outline the types of maintenance tasks it performs (service-impacting and non-service-impacting), the frequency and duration of these activities, and the associated annual maintenance window schedule.
- Geographic Presence. The SaaS provider must ensure that its cloud operations and client support organizations are available to support the client’s business needs in all relevant geographies.
What makes a credible SaaS provider? Experience, a large and diverse client base, and a history of exceeding service levels are all critically important. Doing the up-front research to ensure that the SaaS provider you choose will be able to deliver on its promises and meet your expectations is key in setting up your organization for future growth and success.