What Nonprofits Should Look for in a SaaS Provider
The nonprofit sector has witnessed an explosion in the number of online application vendors providing products designed to help organizations achieve their mission. From fundraising to e-communication to accounting solutions, there are many vendors vying for the opportunity to help nonprofits harness the power of the Internet.
Understanding the benefits of software as a service (SaaS) vs. traditional on-premise software, organizations are faced with the task of selecting the SaaS provider with which to partner. But what should organizations be looking for during the SaaS vendor selection process beyond the usual product feature comparison? This paper identifies the foundational selection criteria for nonprofits to consider when choosing their SaaS partner.
Looking beyond the immediate
The first order of business for most nonprofits researching a software as a service provider is to gain a thorough understanding of the product features and determine whether it meets their existing needs. This means that nonprofits often assess vendors without considering future organizational growth that may necessitate additional software applications or more robust functionality.
For example, you may only need a content management system for your nonprofit’s Web site today — but will you outgrow your existing database or donor management system in the next few years? With this in mind, would you want to consider a vendor with a CMS product that connects directly to a database? And will your new Web site have online donation capabilities? Would you need to consider an accounting system that integrates with your online donations and donor database?
This line of thinking can prevent nonprofits from limiting their growth — or avoiding a costly mistake — by planning ahead for the organization’s future software needs.
Comprehensive solutions vs. one- (or three-) hit wonders
As organizations contemplate and plan for their future technology needs, it’s important to identify whether the vendor offers a comprehensive solution designed to help you raise more money, reach more people and run more efficiently — or whether the vendor is limited to just a few individual applications. For example, a nonprofit shopping for a fundraising solution will be met by possibly dozens of vendors selling fundraising solutions. But what is the depth of their overall offering? What is the company’s vision for their fundraising product and how does it fit into the overall needs of the nonprofit sector?
Companies that specialize in one product or even offer multiple products that meet some of a nonprofit’s needs may prove challenging to a nonprofit, if selected. Vendors that presently only solve a few of the sector’s organizational needs are already outdated in the rapidly evolving nonprofit software market. Nonprofits are growing and need to be prepared for the baby boomers, who represent almost 30 percent of the U.S. population, according to the U.S. Department of Health and Human Services. By 2015, all baby boomers will be over age 50. According to the Associated Press, people over age 50 control more than $7 trillion in personal wealth today and once the rest of the baby boomers pass the half-century mark, those numbers will be even higher.
Companies that don’t yet offer capabilities such as accounting, wealth screening and donor-advised funds as part of their overall solution are already behind the technology curve. Can today’s nonprofits afford not to partner with vendors that have already invested in and prepared for the nonprofit sector’s future needs and growth?
Unified we stand
In addition to a comprehensive solution suite, it is just as important for organizations to select a software as a service vendor that offers a unified platform. While nonprofits need to plan for the day they need a full suite of SaaS applications, some organizations are simply not ready to make a complete transition. As such, nonprofits should look for SaaS vendors in which one or multiple applications can be easily initiated any time. In addition, a unified platform means that nonprofits can benefit from the collection, storage and analysis of all data from all associated applications in one unified database, accessible online to the organization via a simple, Web-based interface.
For example, a nonprofit may initially only need an e-communications system for its broadcast e-mails, e-newsletters and direct-mail campaigns. With a unified platform, all interactions and activities associated with these campaigns are captured in the nonprofit’s online system and will remain there to be leveraged when the organization activates additional applications on the platform, such as a donor-management or advocacy system. Unified platforms enable the collection and analysis of information that is critical to both an organization’s survival and its growth, allowing the outcomes to be shared and utilized across departments, chapters and even organization-wide. This free-flow of information helps nonprofits learn and distribute best practices, getting internal players working from the same set of data. In contrast, nonprofits that don’t use vendors with unified platforms generate additional information “silos” and databases, resulting in a lack of useful business analysis and intelligence.
Flexibility — plus
One of the most common complaints about software as a service providers is the lack of flexibility and customization that clients are afforded. According to industry analyst firm Aberdeen Group, “most SaaS vendors limit customization and instead use Web technology to enable customers to create unique configurations of the application.”
A survey by IDC indicated that customization was the top concern about buying constituent relationship management (CRM) software as a service for 70 percent of respondents. In the same survey, 55 percent of respondents listed robust functionality as their top concern.
Depending on an organization’s needs and size, they may need additional configuration and/or customization beyond the standard SaaS offerings available in the marketplace. Given the multitenant architecture of software as a service — meaning that a single instance of the hosted application is capable of servicing all clients — a variety of configurable options are key in order for nonprofits to adapt their view of the application to meet their unique organizational needs. For example, are you able to rename data fields or add custom fields? Can workflow be reconfigured to match your organization’s processes?
During the selection process, nonprofits should weed out prepackaged, “cookie-cutter” solutions from those with the ability to customize design and function. Software built to be “one size fits all” is simply not going to meet either the immediate or long-term needs of most nonprofit organizations. Flexible product architecture is critical to ensuring that client customizations aren’t costly to the nonprofit in terms of both price and time. Some vendors even require two to three weeks for each change clients want to make to their Web site or SaaS solution. Many of these changes then become lost or “broken” each time the provider releases product updates or upgrades.
Made for whom?
As anyone in the charitable sector knows, nonprofit organizations have very different structures, processes and needs than commercial, for-profit companies. So why would a nonprofit select a SaaS solution designed with the enterprise in mind?
Many commercial SaaS vendors view the nonprofit industry as a “hot” market and as such, are aggressively marketing their existing software solutions to nonprofit organizations. While these products offer many features and functionality impressive to for-profit companies, the solutions weren’t designed for nonprofits and therefore, can’t effectively meet their organizational needs. For example, commercial vendors offering customer relationship management (CRM) software don’t provide online fundraising, Web site support/CMS, or e-communications capabilities — all imperative to meeting a nonprofit’s need to raise more money, reach more people and run more effectively. In addition, while these CRM products could possibly be used in the nonprofit sector, the customized changes needed to function appropriately in a nonprofit environment would require too much time and expense — or you may end up paying for the full product, but only using the fraction of the functionality that’s relevant to nonprofits.
Frequency, frequency, frequency
One of the many benefits to selecting a SaaS vendor vs. a traditional on-premise provider is instant access to the most up-to-date software available. Software as a service providers relieve nonprofits from the burden of regularly updating software by taking care of system updates and maintenance automatically and invisibly — ensuring that organizations using software as a service are always ahead of the technology curve.
To reap this benefit, nonprofits must partner with a vendor that follows a frequent upgrade release schedule. For example, a SaaS provider that schedules major upgrades every 12 to 18 months is not keeping its nonprofit clients consistently ahead of the technology curve. Organizations should ask whether software upgrades are built into the design process and how frequently upgrades occur — for example, major upgrades scheduled on a quarterly basis are reasonable. Also, upgrades should occur after business hours to limit disruption to the client organization. In addition, SaaS vendors typically offer upgrades to existing product lines without charge, while new product features and functionality are usually introduced and activated for an additional fee.
Integrating software as a service with existing business systems to provide useable intelligence with minimal hassle is a top priority for nonprofits considering the move to SaaS. The key to selecting a SaaS vendor with proven strength in integrating backend databases and systems is twofold: depth and breadth. A nonprofit will certainly want to know whether the vendor has previously integrated its solution with the nonprofit’s existing database. However, the extent of experience the provider has integrating those two products is also important. Has the provider integrated with that database once or multiple times? How many years of experience does the vendor have with that integration? For how many customers has the provider performed this particular integration? Proven capabilities in the needed integration spanning several years and several clients are a good benchmark.
Another key threshold is the provider’s scope of integration experience — even with database systems you’re not using. Understanding how many platforms they’ve integrated, as well as the size and experience of their integration team or department, is necessary to determining the provider’s investment and commitment to client integrations.
Do you ever feel like it’s next to impossible to reach a person when contacting some of your vendors? For many nonprofits, electronic customer support is the only option their vendors provide — and it simply isn’t viable for their business needs.
To help ensure an organization’s SaaS technology investment is running at its highest performance to meet their specific needs, nonprofits should seek to understand the structure and options available for technical support at the SaaS vendor. Companies that offer multi-tiered support structures were designed with nonprofits in mind to help with the varying requirements, staff expertise and operational complexity that exist within the sector.
As a baseline, vendors should provide nonprofits with access to an online solutions database and the ability to submit inquiries online. In addition, tiered support levels could offer a variety of options including dedicated account management, ongoing management and maintenance, quarterly reporting and review, semiannual health checks, priority customer service response time, and 24/7 phone support.
By selecting a vendor that has made an investment in its support infrastructure, nonprofits ensure that they are partnering with a provider for which service and support is a priority. In addition, vendors with multiple customer support tiers offer nonprofits the flexibility to obtain the support that’s right for them.
State-of-the-art data security
The question on most nonprofit professionals’ minds surrounding software as a service is, “Will my data be secure with a SaaS provider?” The answer is: It depends on the vendor.
Data security is one area where no nonprofit can afford to compromise or skimp in their vendor selection. To ensure their SaaS vendor upholds the highest level of security available on the Internet, nonprofits must insist on using providers that are both PCI and SAS 70 Type II compliant.
The Payment Card Industry Data Security Standard (PCI DSS) is the result of a collaboration between Visa and MasterCard to create common industry security requirements. All major credit card companies in the U.S. have endorsed the guidelines of this standard. Any entity that stores, processes, transmits or comes into contact with cardholder data has been required to attain PCI compliance as of June 30, 2005.
The 12-point PCI data security standard also requires that organizations provide proof of compliance annually and submit to network scans performed by an independent vendor on a quarterly basis. SaaS providers that are not PCI compliant cannot guarantee the security of sensitive data to the same extent as PCI compliant vendors.
Nonprofits must also insist upon working with SaaS providers that have completed a SAS 70 Type II audit of their controls and procedures to ensure maximum data security. In today’s business environment, service organizations and providers, such as SaaS vendors, must demonstrate that they have adequate controls and safeguards when hosting data belonging to their customers. In addition, Sarbanes-Oxley now mandates that CEOs and CFOs of publicly traded companies take personal responsibility for the effectiveness of internal control over financial reporting. As a result, the SAS 70 audit is a preferred method of providing assurance for service organization clients subject to Section 404 of Sarbanes-Oxley. Private companies do not face the same requirements — and subsequently, data safeguards — as public companies.
SAS 70 compliance requires IT controls, such as database access, data transmissions, data backup and recovery, and application security; personnel controls, such as the logging of all access and activity, no user permissions to servers or data without specific procedures, and the logging of all access and activity; and financial controls, such as payable controls, consistent auditing of balances, and enforced role definition and separation.
Both PCI and SAS 70 compliance are absolute imperatives for nonprofits in the SaaS vendor selection process, so insist on seeing a vendor’s PCI and SAS 70 compliance certificates.
Performance. Reliability. ’Nuff said.
Nonprofits rely on their Web sites and technology systems to be available and operating in order to communicate effectively and collect donations — the lifeblood that makes their mission possible. Therefore, performance and reliability are of the utmost importance during the SaaS vendor selection process.
High-visibility disasters, such as the tsunami and Gulf Coast hurricanes, are not the time to discover the subpar architecture of your SaaS vendor. For example, when the quantity of online donations and Web activity threatened to overwhelm the online systems of the leading recipient of charitable donations during Hurricane Katrina, the organization needed to distribute traffic to other Web sites that were accepting contributions on its behalf. Nonprofits need to partner with providers whose systems are designed to withstand high volume and who have a proven track record of processing millions of Web site visitors and financial transactions at peak loads.
The management and location of infrastructure, software, hardware and equipment are of critical importance. Does the vendor manage the infrastructure and equipment themselves or outsource to a third party? Is the equipment located at the SaaS provider’s facility or at a Tier 1 data center? If at their own location, what happens in the event of a fire or other emergency? If residing at a data center, is there also a fail-over backup center? Each data center should offer multiple high-speed Internet connections, ensuring peak capacity handling and fail-over redundancy should any single connection fail. In addition, the vendor’s systems should be managed 24/7 with state-of-the-art network monitoring and automated fail-over/backup.
Vendors offering a multitenant, service-oriented architecture manage scalability to grow with their client base. For nonprofits with transaction processing needs, it is important to ensure providers maintain a payment gateway and connectivity to multiple payment processors for real-time transaction processing, thus ensuring 99.99 percent up-time (other than for scheduled maintenance).
Nonprofits should insist on the following services from their SaaS vendor to ensure peak performance and reliability: 24/7 phone and Web support, a disaster recovery guarantee, application availability, a service level agreement (SLA), reparations if terms of the SLA are not met, and a testing environment and other test resources.
Steady like a rock
In the relatively emergent SaaS market, it’s important to partner with a provider that will stand the test of time — and be able to support your software application and technology needs for years to come. One of the best ways to ensure that your software as a service vendor will be around for the long term — and protect yourself against losing your technology investment — is to partner with a publicly traded company. Financial information at public companies is public information and must be disclosed at regular intervals. Therefore, what you see is what you get. Public companies also often have ready access to capital and receive regular interest from new investors.
In contrast, privately held vendors — and there are many in the SaaS space — are not obligated to disclose information about their financial health. They can also be selective about the financial information they disclose, such as sharing revenue information without losses or bottom-line figures, and financial reporting is rarely audited.
It’s important for nonprofits to understand how vendors are investing their money. For example, how much have they invested in their technology architecture? In securing your data in a world-class facility? Knowing where their money goes helps nonprofits understand the vendor’s priorities.
In addition, organizations should work to understand the vendor’s intrinsic value within the nonprofit sector. For example, a provider with 10,000 nonprofit accounts that has helped its client base raise hundreds of millions of dollars is far more integral to the nonprofit sector than a vendor with 1,000 nonprofit accounts who has helped raise $5 million, for example. Also, are major national nonprofit organizations among its client base, thereby demonstrating that financial health requirements have been met? Key vendors in the SaaS market are far too integral to their clients’ businesses to disappear.
Additional factors to consider in the selection process include year-over-year revenue growth, burn rate and cash.
He said, she said
Last but certainly not least, nonprofits should speak with customers of each SaaS vendor under review. Understanding their experiences with the product and company will prove invaluable in obtaining a realistic view of what a partnership with that vendor would be like. In addition, this is a great indication of how established the provider is in the sector and the type of market traction the company has gained. With customers serving as references, the company is most likely a leader in the emerging SaaS industry and an established, revenue-generating company that will be around for years to come.
Nonprofits face a daunting task when selecting a software as a service vendor amid the throngs of providers. But looking beyond a product feature comparison, to consider factors such as security, performance and integration experience, can render organizations better equipped to make informed decisions that cover a multitude of bases. The foundational selection criteria for nonprofits to consider when choosing their SaaS partner will lead organizations to stronger SaaS vendor partnerships — and result in less time spent managing vendors and more time spent achieving their mission.
This whitepaper is reprinted with permission from Kintera.