25th July 2014
Three or four months earlier…
Indeed this starts like any B-list movie with the special feature that it can become a Hollywood blockbuster, if you bear in mind some details.
When the procurement committee evaluates different providers of the same service, it is obviously important to compare features and price. But there are other factors to consider, such as:
- Roadmap: a cloud service may or may not adjust completely to our needs and it is essential to consider whether there will be convergence in the near future or at least, in the mid-term.
- Flexibility: the provider’s intention to implement some of our requirements which are at present not included in the platform. Is this a closed environment or will it continue to evolve?
- Service level: together with the service offer and contract, the SLA (Service Level Agreement) must be included. This document must describe the liabilities of the provider and the customer under the service, the definition of the priority of incidences and resolution times in relation to these priorities. Yes, you read that right. The customer also has responsibilities and we must make sure that as an organization we have the structure needed to support the new scenario.
- Certifications and security: HR solutions are very demanding of security levels. This happens in two ways: on one hand we have to be sure that there will always be suitable contingency set aside in the face of a potential disaster, like the Twin Towers in 2011 or the Haiti Earthquake in 2010, or a specific incidence of data loss. This point must be reflected in the SLA.
On the other hand, our data must be protected with a clear understanding of access flows. According to data protection regulations the data handled by an HR application are usually mid level, but in some environments like hospitals, they may be even of a higher level. This brings forth a series of extra measures from the provider which we should be aware of. The requirements of the data protection act affect us as a company and our providers. Data protection requirements affect us as a company and our providers, when handling our data.
Apart from compliance with legal data protection regulations, it is important to have security certification like ISO 27001. Why? Because it offers the following advantages for the customer:
- Demonstrates the provider’s real concern for the security of our data. Our information is not only important to us, but also to them.
- It is an independent verification that the potential operational risks are being identified, evaluated and managed. Data protection is documented and managed through formal processes.
- There is a regular assessment process that helps to establish continual improvement.
And of course, a very important point couldn’t be left out. Something we take for granted, but that is not always included in the service: quality. It’s vital to understand how the provider ensures customer satisfaction, what is his standard of quality and the methodology used to define, process, and evolve the services we buy. It is difficult to ensure upfront a perfect fit between organizations. Surely it is a good start.
After signing the contract…
Now reality starts.
We need to start the project for adapting our current environment to our virtual environment. Data entry and the different stages of customization involve functional analysis. The responsibility for implementing each task will have been reflected in the service offering.
Once the environment is ready for production, we must demand from the provider a work and/or implementation plan. This is a document that details all service monitoring and operation tasks. Of course we will have to provide manuals on the tools to use. This point includes not just the software itself, but also the support and operational tools.
Ultimately tracking the service is essential, not only for the client but also the provider. For us, it’s crucial to understand that we are effectively receiving the service we pay for. For the provider it is vital to know our level of satisfaction, whether we can become a customer reference, and above all, whether we will contract the service again in the future.
If we have taken these points into account, then we will have a happy ending. There will have been established a wonderful relationship between the provider and our organization which will lead to a beautiful love story. And best of all, it will be a serious, formal and lasting story in which all parties will have won. This isn’t the magic of cinema, but of things well done.