Part 2 - Tough Questions to Better Select, Compare & Evaluate Any Software or Cloud Vendors

Part 2 - Tough Questions to Better Select, Compare & Evaluate Any Software or Cloud Vendors
How can you more quickly select, compare and evaluate any software or cloud vendors?
Here are penetrating questions to ask any software or cloud vendor to help make a more rigorous and objective comparison. Make sure to download the other two related whitepapers: Part 1 and Part 3.
Ask these questions early in your qualification process to create a short list of vendors. Make sure to ask for commitments in writing!
  1. What is your company's history of application uptime and do you measure and monitor application responsiveness? The service may not be down, but how do I know if it will be responsive and usable? Do you provide a Service Level Agreement for application responsiveness?
    Giva's Answer: Giva has not had any unplanned downtime since we launched our cloud service in August 2000. We have redundant data centers all over the world. Our redundant server farms are hosted with firms that specialize in HIPAA, PCI, and SSAE16 compliant hosting. We have fault-tolerant infrastructure with mirrored data centers that replicate database and web servers.
    Giva monitors application responsiveness all over the world to make sure cloud responsiveness is excellent. We do not provide an SLA for responsiveness as many customers use traffic shaping/prioritizing appliances and proxy servers, or experience intermittent bandwidth bottlenecks due to employee video viewing, etc., so application responsiveness is beyond Giva's control. However, if a customer experiences responsiveness issues, we encourage them to quickly engage with our technical support team to help troubleshoot. The problem is often due to one or more of the problems noted above. If Giva does not provide adequate application uptime or responsiveness, customers can terminate for material breach. We have never had a customer terminate for a material breach. Section 12.3 of the Master Subscription Agreement has a provision for termination for material breach. We have an outstanding record of application uptime and responsiveness and it is best to speak with some of our long-term customers for their perspective.
  2. Is your product architected as a Web-native application? Is it really a client/server application retrofitted with a Web interface?
    Giva's Answer: Founded in 1999, Giva was among the first to provide a suite of HIPAA compliant help desk and customer service/call center applications architected specifically for the cloud. We never developed an on-premise client/server product. As a result, the core of our code base is very secure and stable since it has been subject to almost two decades of demanding use by customers all over the world.
  3. Is data encrypted at rest and are back-ups encrypted? Does the data center provide a managed service, or does your company rent colocation space with power and network access, but your company maintains the server infrastructure? Does your data center use a third-party security assessment firm to determine whether the data center meets Payment Card Industry Data Security Standard (PCI) and HIPAA security requirements related to the protection of private and confidential data? Does your data center use a third-party security assessment firm for intrusion penetration testing and monitoring?
    With respect to your data center:
    • How often do they perform back-ups? Is there a daily incremental back-up? Is there a full back-up at end of the week?
    • Is the back-up automated to assure that it happens without fail?
    • Is the back-up to tape or disk?
    • How long of a back-up history is maintained? Are back-ups stored on site or off-site at secured locations? Can the database be restored to a specific day and time?
    • How long of a back-up history is maintained? Are back-ups stored on site or off-site at secured locations? Can the database be restored to a specific day and time?
    • Is transportation to off-site locations secured?
    • What is the data center disaster recovery plan?
    • What happens if the data center power is knocked out? How many days can it stay powered using generator failover without refueling?
    • Is the data center physically guarded 24 x 7 x 365?
    • How is physical access to the data center protected?
    • How is virtual access to the data center protected?
    • Is there a hardware-based firewall that protects your data from the Internet?
    • Are there Microsoft and Cisco Certified Network Engineers on site 24 x 7 x 365?
    • How long would it take to recover from a complete server failure?
    • Are there ample spare parts on-site?
    • What level of data center redundancy is built in?
    • What level of Internet access redundancy is built in?
    • Does your data center have strategic partnerships with Microsoft, Oracle and Cisco to be among the first to receive important security information and updates? How quickly are security patches applied?
    • Is there virus protection on the servers?
    Giva's Answer: Ask your Account Manager to provide you with confidential information about SSAE16 compliance audits and other security related information about our hosting providers. Giva is HIPAA compliant and we will execute your company provided Business Associates Agreement. Your data is encrypted at rest and our back-ups are encrypted.
    Giva's Operations organization is charged with the responsibility of hosting our application. This organization is measured on a regular basis on the uptime and responsiveness of our redundant server farms. Since our launch in August 2000, we have had no unplanned downtime. Our Operations organization is tasked with continuing to deploy the most reliable hardware and software infrastructure possible. There are trained staff onsite at all data center locations 24 hours/day, 7 days/week to manage and maintain our infrastructure.
    Giva has full control of our server farms. Giva has responsibility for MS SQL database administration and maintaining our application code base. Our hosting providers are responsible for keeping server farms and hardware based firewalls up to date with operating system service packs, patches and security fixes. Our hosting providers manage the daily incremental and weekly full disk based encrypted back-ups. There are disaster recovery standard operating procedures in place at all data centers as well as battery back-up capability and onsite diesel generators should there be a power outage at any data center.
  4. As my company grows or experiences spikes in business, can additional licenses and disk storage space be quickly provisioned on-demand as necessary for peak times?
    Giva's Answer: At any time, customers have the flexibility to add licenses when required. Additional disk space is also available, if customers exceed their allocation.
  5. Can I get a copy of my company's data file at any time in an industry standard format, so it can be imported into another application? Is there a charge?
    Giva's Answer: Without charge and at any time, our customers can access and download their data which is in an industry standard CSV format.
  6. Are there maintenance windows of downtime for routine server administration? When are they? Will the service always be unavailable during these windows or just some times? Will I get notifications when the service will be down during a maintenance window? How much advance notice?
    Giva's Answer: There are scheduled maintenance windows for possible planned downtime for routine server farm administration. It is very rare that customers are actually impacted by planned downtime. For customers hosted on USA infrastructure, the scheduled maintenance windows are currently scheduled during the weekend hours between 10:00 pm Friday and 3:00 am Monday, Eastern Standard Time. If planned maintenance during a scheduled maintenance window has the very rare possibility of making the service inaccessible, Giva will provide at least 8 hours prior notice via a message posted after logging in. For more details, please see Section 3.1 in the Master Subscription Agreement.
  7. Is a source code escrow service available? Is there a fee for this?
    Giva's Answer: Source code escrow is available. There is an initial upfront set-up fee and recurring annual fees.

Additional Whitepapers