You are on page 1of 5


Toolkit: Conduct SaaS Pre-RFP Planning to

Prevent Unforeseen Risks When Selecting a
SaaS Provider
Published: 26 August 2013

Analyst(s): Gayla Sullivan, Alexa Bona

IT procurement professionals can use this Toolkit to educate stakeholders

and develop SaaS RFP criteria that mitigate the devastating impacts from
selecting SaaS providers with hastily developed criteria. Prioritize
functionality and innovation against cost and risk to the organization.

When to Use

SaaS contracts are on the rise, and all too often, they are entered into without sufficient planning or
consideration of resultant impacts that increase both costs and risks. Stakeholders often have
authority to sign SaaS agreements, but may not have the time to properly evaluate providers or to
review and negotiate their contracts. This problem is also exacerbated when some SaaS providers
present their agreements as "take it or leave it" or nonnegotiable. IT procurement professionals
must help stakeholders understand the true risks and ramifications of SaaS models and contracts
to protect the enterprise from unforeseen negative consequences.

Cloud models challenge IT procurement professionals to seek new and workable IT procurement
governance models to ensure that the purchase of IT products and services outside of their purview
is still cost-effective and reduces risk. Working through a checklist collaboratively to arm the
enterprise against risk can be a step in the right direction, which this Toolkit provides for use during
the requirements-gathering phase of the SaaS sourcing initiative.
Educate and Collaborate With Stakeholders
While delegations of authority may be fixed from a signatory perspective, stakeholders can still be
educated about the risks of SaaS applications upfront, before agreements are signed. IT
procurement professionals can provide a valued service in gathering requirements and criteria for
SaaS RFPs and contracts, which saves stakeholders time, while protecting the enterprise against
undue costs and risks. Using the checklist to identify areas of critical concern will help stakeholders
focus on what's most important and to more rapidly isolate those items.
This template also addresses key areas to consider in terms of methods by which SaaS
engagements might help organizations reach IT and enterprise-level goals and objectives. Planning

ahead ensures that key performance metrics are included in the RFP, as well as in the final contract,
to track and manage the right service levels.
Use this Toolkit prior to issuance of an RFP for SaaS applications. It is a tool for the IT procurement
professional, but also for the various teams that may be affected by SaaS engagements. Security
and risk personnel, as well as legal and vendor performance management groups, should all be
considered as valuable collaborators to work through the topics addressed within the template. Add
your own areas of concern, and continue to expand the topics in the checklist as you experience
lessons learned with SaaS providers.
Where applicable, we have provided insight with regard to whether certain terms may be negotiable
with suppliers (for more information on these terms, see "Toolkit: SaaS Contract Negotiation").
While there are few standards developing in SaaS agreements, there are observable trends, and we
have shared these where known.

Customize and Prioritize the Checklist

You may wish to add columns to track ownership and stakeholder contacts for specific items. This
can also be a tool to assign reviewers to specific sections of the RFP during the scoring process, if
you so desire. Customize the Toolkit to add columns that fit your business or industry, as you deem
Go through the checklist, and complete all relevant areas, taking the time to engage in candid
discussions with the key stakeholders who will most be affected by the acquisition. Consider
including cost center owners, security and risk personnel, vendor management teams, and legal
representatives in these discussions.
Use the checklist to draft RFP requirements and questions that will be presented to the vendor
candidates during an RFP. Once vendors are down-selected, or there is a finalist, before negotiating
the agreement, review your checklist once again to ensure that priorities are still clear and to ensure
that no critical elements are left behind.
Prioritization is key. Know and understand what is important to your enterprise, and what you might
give up for something of greater value. For example, classification of data is an excellent
prioritization mechanism for security requirements. If the SaaS initiative involves cloud storage of
highly sensitive data, high levels of security should be a top priority and will typically trump all other
sections, including pricing.
It is unlikely that you will be able to mitigate all risks associated with SaaS providers. However,
ensuring that you have a clear understanding of what is critical for your organization and planning
for this in advance will result in improved outcomes in performance, cost and risk management.
Having a clear, prioritized approach will also speed up proceedings in situations where time to
market is a key driver for a SaaS capability.

Page 2 of 5

Gartner, Inc. | G00249347

How to Use This Toolkit for SaaS RFP Planning

This Toolkit provides items to review with stakeholders and questions to ask to frame discussions
around expectations, requirements and criteria. The section headers reveal the key topics covered.
There is a Y/N column to use to ensure that the topic has been addressed or is under review. The
column entitled "determining factors" presents thought-provoking questions that may trigger
prioritization of criteria or a determination that a particular factor is a "deal breaker" or a "must
have" for the SaaS engagement to move forward. "Actions required" are recommendations for you
to take steps to address the key topic.
Some sections have columns for "preferred language" and "alternative language." These columns
are placeholders for IT procurement teams to populate with preapproved contract language to be
used during the RFP to obtain agreement in advance or during the contract negotiation phase. The
"preferred language" column represents the contractual position of greatest benefit for your
organization. "Alternative language" is contract language that is also preapproved but represents
the compromise that would still be a win for your entity. Note: Do not include "alternative language"
in the RFP, nor reveal it to your potential suppliers until you have attempted to negotiate for
preferred language.
Finally, the "date completed" column is provided to track progress in the SaaS planning process.

Downloadable Attachments
Use this Toolkit as a general guideline regarding what requirements to gather from stakeholders and
what criteria to consider before releasing an RFP for SaaS applications, and negotiating the
resulting contracts. Consider these key areas to review and plan for sections of the RFP and
contract to minimize cost and risk.

Recommended Reading
Some documents may not be available as part of your current Gartner subscription.
"Ten Ways to Avoid SaaS Delivery Problems and Protect Your Organization"
"Toolkit: SaaS Contract Negotiation"
"Cloud Contracts Need Security Service Levels to Better Manage Risk"
"Toolkit: SaaS Security Decision Framework"
"Speed Up Cloud Service Selection Using a Deal 'Sweet-Spot' Analysis"

Gartner, Inc. | G00249347

Page 3 of 5

"The Four Key Risks of Developing and Executing a Cloud Sourcing Strategy"

Over a 24-month period ending May 2013, Gartner's sourcing, procurement and IT asset
management team took 3,147 inquiries from clients related to cloud sourcing.

Gartner surveyed 81 IT procurement and asset management professionals in 4Q12 who were
attending Gartner's IT financial, procurement and asset management summits in Orlando, Florida,
and in London. In this survey, we asked, ''During fiscal-year 2012, how involved have you been in
negotiating your organization's cloud contracts?'' The majority 58% said they had hardly been
involved, with 19% suggesting light involvement, and only 15% stating they were heavily involved.

In producing this analysis, Gartner has reviewed more than 150 different SaaS provider master
service agreements.

Unless otherwise marked for external use, the items in this Gartner Toolkit are for
internal noncommercial use by the licensed Gartner client. The materials contained in
this Toolkit may not be repackaged or resold. Gartner makes no representations or
warranties as to the suitability of this Toolkit for any particular purpose, and disclaims
all liabilities for any damages, whether direct, consequential, incidental or special,
arising out of the use of or inability to use this material or the information provided

More on This Topic

This is part of an in-depth collection of research. See the collection:

How to Ease the Planning, Sourcing and Implementation of SaaS Projects

Page 4 of 5

Gartner, Inc. | G00249347

Corporate Headquarters
56 Top Gallant Road
Stamford, CT 06902-7700
+1 203 964 0096
Regional Headquarters

For a complete list of worldwide locations,


2013 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This
publication may not be reproduced or distributed in any form without Gartners prior written permission. If you are authorized to access
this publication, your use of it is subject to the Usage Guidelines for Gartner Services posted on The information contained
in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy,
completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This
publication consists of the opinions of Gartners research organization and should not be construed as statements of fact. The opinions
expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues,
Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company,
and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartners Board of
Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization
without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner
research, see Guiding Principles on Independence and Objectivity.

Gartner, Inc. | G00249347

Page 5 of 5