Considering new software?

Only my second post on here, so I  thought I would make it something useful.

One of the most common things all businesses will do at some point will be to purchase new software or new cloud services.

I have written before about things to be aware of when considering cloud services, won’t rehash it here but if you are interested you can read them at these links:

When choosing a system,vendor or cloud service you need to approach it in a rigorous manner.

Any of the steps below can be bypassed except step 1,4 and 5.

For example if you already have a shortlist or know who you want to request a quotation from, you can ignore some of the Vendor steps.

1. Analyse the business requirements.
a. What are you requirements? What functions or objectives must be met? Define all your business requirements.
b. After listing put them in priority order in a spreadsheet. Each row will be the requirement, each column will be the name of each vendor.

2. Vendor Search.
a. Compile a list of Vendors
b. Select which ones you want to request information from.
c. Request for Information (RFI)
d. Shortlist Vendors.

3. Request for Proposal and Quotation. From the shortlist you need to send a brief outlining your requirements you collated in step 1. Depending on the vendor this may take a while or have a lot of to-ing and fro-ing.

4. Proposal Evaluation and Selection.
a. At this point you will go back to your spreadsheet and add additional requirements regarding financial and budgetary constraints.
b. Mark your vendor against these constraints\requirements based on the information returned.

5. Contract and Service Negotiation.
a. Use the spreadsheet to provide assistance along with any other relevant information. Choose the vendor and start negotiation on contract terms listed but not restricted to those below.
i. Cost
ii. Service Level Agreement
iii. Term of contract or agreement
iv. Cancellation
v. Insurance.

At the end of it you can still go with a gut feel but now you can back it up with solid information.

If you would like some templates to run through drop me an email to, I have basic questionnaires and a template spreadsheet.


2 thoughts on “Considering new software?

  • Conciser; Data Protection and the EU Directive meaning no sensitive data from the UK can leave Europe.

    The age and reputation of a company holding your data is also important; you don’t want sensitive client data being obtained via a “cloud service” that does not test its security often.

    One easy way to tell; is to find out how they handled the heartbleed ssl bug that was patched before it become widely known exploit. Have they patched it now its well known? or was their security tight enough to ensure SSL update that was pushed was implemented before it hit the news.

  • Hi Adam, good points. Age and reputation are indicators but are by no means a reliable one, else we would trust all major brands. There would be no space for the new boys on the block.

    The key will be down to how you approach your due diligence and what your appetite for risk is balanced against the costs and perceived value.

    The heartbleed bug is one instance but I generally ask questions regarding independent tests and certifications. What proof do they have that they follow and adhere to the standards. What references are they willing to give and how do they fair when I perform my own analysis, research on the web. You could go on and on – ultimately you will continue until you are satisfied and can make the choice.

    The start would be to have a structured process and then qualify and customise as you require depending on the service, software, sensitivity and requirements, etc….


Leave a Reply