You wouldn’t go skydiving without a trusted instructor or a working parachute.
So why take the risk of choosing a subpar technology partner by not including your Information Technology or Information Security teams in the RFP process?
If you’re thinking of adopting a new Benefits Administration Technology partner, you should involve your IT department early and throughout the RFP development, review and decision processes.
With great power comes great responsibility, and the same goes for a new technology partner. The SaaS industry is becoming quicker, more streamlined, and more easily accessible without utilizing IT. But, with that ease of technology implementation, comes great responsibility to keep important data safe. To avoid unnecessary risk and a potential disaster due to a data breach, look to your very own internal experts to help you develop the right questions and evaluate the answers in your next RFP.
The IT department’s role is changing.
Previously, it was the IT department’s role to own the technology that was being implemented at an organization — the keeper of the keys. But now, with the ease of SaaS implementation, IT’s role is shifting from being owners of the technology to trusted advisors and key stakeholders who can aide in the decision process. Depending on the organization, this could be a significant mental or organizational shift for them. But leveraging their expertise to ensure you are appropriately managing your risk will be key to the success and modernization of your business.
When you are considering adopting a new service, bring your IT team into the discussions as early as you can so they can help you develop key questions in your RFP that will reveal whether or not your next technology partner is a good fit.
IT knows what to look for under the hood.
To bring you a real-world example, we were looking to procure a new SaaS application for streamlining some internal backend office functionality. The project owner set up demos and really liked a certain product. The department driving the decision really liked the product as well. However, when we started to look under the hood at the new product’s audit reporting, use of third-party vendors/ providers, and overall state of information risk management, it was very obvious that the potential vendor was passing off a lot of smoke and mirrors and presented significant risk to the information we wanted to maintain on the platform. Needless to say, we had to pull the plug.
Additionally, your IT department will be able to leverage resources you may not be aware of, such as Cloud Security Alliance’s “Consensus Assessments Initiative Questionnaire” to help your organization properly assess the risks with engaging a new SaaS provider.
They know the right questions to ask.
Because they are in the thick of data and data security every day, they know the right questions to ask to get the desired results. For example:
- Can you describe the technical controls you have in place to restrict administrative access to your back end systems?
- How do you secure mobile devices used within your environment?
- What type of 3rd party reviews and testing are performed to identify potential vulnerabilities or areas of risk?
The RFP process is a long road, and one you don’t have to travel alone. Bringing in your own internal experts can help save time, effort, and eventually, help instigate a fruitful technology partnership with a vendor that’s right for your organization.
Do you need more tips to developing a stellar RFP? Download our guide, The Art of Writing an RFP below.