
Technology Buying Guide
For firms navigating the technology buying journey - below is a sample list of questions or considerations by topic when engaging vendors. This is not meant to be an exhaustive list, and by no means would ensure the product you're seeking to acquire is going to meet your needs.
Security & Privacy
Ask about SOC2 Type II.
If the technology is going to handle sensitive data, one consideration is whether the vendor has SOC2 Type II certification. This is an audit conducted by a CPA and the audit is conducted against security standards established by the AICPA, the governing body. Technology vendors need to get SOC2 Type I which determines whether the vendor's controls, policies and procedures are aligned with the established guidelines. This is a point-in-time assessment. After this, the vendor would seek SOC2 Type II which is an audit whether the vendor is abiding by its own controls, policies and procedures, and includes sample testing over different periods of time.
Ask if the vendor will share the SOC2 Type II.
The SOC2 Type II report is a comprehensive report that encompasses many aspects of the vendor's technology, operations, processes and controls. As a result, many vendors who are willing to share this report would do so under a strict NDA to prevent this information being made publicly available. The vendor may refuse to release parts or redact sections of the report that are considered too sensitive for their operations. On occasion the vendor may make a judgment call whether the recipient would actually benefit from having the detailed report - so there could be a number of reasons behind the rationale to not share the report.
Ask if the vendor will complete additional assessments.
For certain firms, a SOC2 Type II report is not enough, and vendors are asked to complete additional assessments that meet the security practices or expectations of the firm. These can be quite detailed - and while often the information can be covered off within the SOC2 report, these questions are more direct and force the vendor to respond directly. Since these assessments can be time consuming, the vendor would typically undertake this for larger deal sizes.
Ask about geolocation of cloud storage.
Most new technology vendors will use Amazon's AWS, Microsoft's Azure or any similar service for storing files and sensitive client information. This storage may have geolocation requirements - i.e. US residents' data should be stored on US servers, Canadian residents' in Canadian servers, European residents' in European servers, etc. Ensure your vendor manages the geolocation appropriately for the nature of the information being managed.
Ask if the vendor has an AI usage policy.
With AI proliferation in most tools, understanding how the vendor treats data when it comes to their own internal use of AI is an important question to ask.
If the product includes AI, ask how data is handled.
AI is an exciting technology that will likely impact multiple aspects of the home and office life. In this developing technology, one of the concerns is the exposure of sensitive client data into the LLMs. Understanding how data is handled and managed with AI interactions.
Technology
Know if you're buying a product or a platform.
This is an important distinction to understand in technology solutions. A product is like a calculator—designed for one specific task, like solving math problems, and does it well. A platform, on the other hand, is like a smartphone—it provides a foundation with basic features but allows you to add apps and customize it for different needs. Knowing whether you need a product or a platform is also key.
Ask if the product is API-first.
API means Application Programming Interface, and is a method through which different applications can communicate with each other. Some older (legacy) vendors will add a few APIs to their existing software allowing for connectivity, whereas an API-first platform would be entirely built on an API framework, and supports an almost limitless amount of connectivity and integrations.
Ask how the product roadmap is managed.
The product roadmap is the planned evolution of the product over time. This can be influenced by large clients, investors, founders' visions, or competitive positioning. Having an understanding of how the product is being shaped is important - as it may provide insight whether the product will continue to be valuable in time, or if it will take a turn into a service that loses relevance to your needs.
Ask how product releases are managed.
Product releases indicate the cadence of updates, new features, bug fixes etc. that are released in the product. Understanding the cadence (frequency) of releases, will help indicate the ongoing commitment of the vendor to maintain, upgrade and improve their product.
Ask about current and future integrations, and how are they prioritized.
Integrations allow the product to be connected to other applications, reducing the need for dual-entry and driving admin efficiency. Some applications are easy to integrate with, others are much more difficult. Vendors are often asked about integrating with other applications, so this can add a significant amount of development burden for the vendor - and needs to be prioritized along with the rest of the roadmap. Integrations require upfront development and ongoing maintenance - so it's a considerable commitment which they may request payment for. How a vendor plans future integrations is an indication of the type of customers they have - and whether it is a common request.
Ask about competitors and differentiation.
Vendors who are confident in their product and service should be willing to share their competitors' names, and what are key differentiators between them. This will help determine whether your needs align with the vendor.
Confirm the vendor can grow with you.
Your needs may evolve over time, and you need to ensure the vendor's product will be able to accommodate your current and future needs. Your needs may evolve in terms of volume (scalability) or in service offerings (flexibility). For a financial advisor, an example would be the cost of adding additional advisors and extending the service to them (scalability). Or, merging the practice with a firm that offers adjacent services - so can the product accommodate the additional needs, use cases and potential clients.
Ask how the vendor manages small vs large clients.
Most vendors should have the ability to segment out smaller customers and larger customers by using different technology environments. An analogy would be a bank that has a vault containing many safety deposit boxes for hundreds of clients, and another separate vault for a large gold mining company. Both are using the bank's vaults, but the gold mining company may require significantly more requirements around access, security, etc. If your company has greater enterprise-like needs, it may be worth asking how the vendor would segment you vs others (expect significantly higher cost compared to the shared models.)
Pricing, Training & Support
Ask how pricing scales.
If your practice and needs grow, your cost of the service may increase as well. You need to be aware of how the pricing scales with more users, volume, usage, or another driver.
Ask about a free or extended trial option.
Unless the set-up or training has significant cost, vendors should be able to offer a free or extended trial for you to test out the product and ensure it matches your expectations.
Ask about implementation fees.
Some applications may require setup and configuration effort on the part of the vendor. Some may incorporate this into their service fees, while some may require one-time fees in addition to the service fees. Have a clear understanding on how the fees are structured.
Ask about a cancellation policy, if it even exists.
Some vendors make it very difficult to exit their existing contracts - and that should be a source of concern.
Ask about the training and onboarding process.
Some applications may require training and onboarding for you or your staff. If that's required, inquire about the time commitment for the tier or level of service you're expecting to be in. What happens if you need additional help?
Ask about ongoing training resources.
Ask about a help center and the frequency of updates given the enhancements and new features that are being introduced by the platform.
Ask about post-sales customer support, and how the vendor measures this.
This is one of the most common concerns amongst technology buyers - post sales support lacks significantly compared to pre-sales engagement. A vendor that actually cares about support will be able to provide an NPS score, or a CSAT score to indicate how satisfied their customers are in the product and in their support. If the vendor does not measure this, or does not share it, then that may be an indication that support is a secondary concern for them..
Company Background
Ask about staff locations and access.
In today's environment, it's very normal to have spread out, remote teams. Ask about the number of locations the team is working out of, and how is their access managed.
Ask about the staff onboarding process.
Buying technology is about trust - not just in the product but the people behind the product. Understanding what steps the vendor takes in ensuring staff are given the appropriate tools, maintain compliance, have integrity, etc. is an important consideration.
Ask about staff turnover and growth.
Companies are unlikely to release details about their financials, but you can get an idea from their staff turnover and growth. LinkedIn's Company profile can help with staff progression.
Start with SideDrawer!
- Free trial for 14 days.
- Start inviting Collaborators - it's free!
- Get your own Branding and Custom URL!
Want to learn more?
- Schedule at your own convenience!
- Watch a 10 minute interactive demo!
- We can answer any questions you may have!