- Someone else pays for the hardware, software, maintenance, updates, etc.
- Subscriber pays a fraction of the total cost of implementation.
- Competition gives each provider an incentive to continually improve their offerings.
- Back up
- Disaster recovery
Setting aside the worst case, there are other reasons an ASP may be unsuitable.
- A third part will be given access to subscriber's data.
- The services offered may not precisely meet subscriber's business needs or processes. Because many ASP business models are based on standardization and volume, provider may be unwilling to offer custom solutions for individual subscribers. In that event, is it cost effective for subscriber to revise its policies and practices to accommodate the proposed application?
- Provider, not subscriber, controls when and how changes to the application are made. If changes effect the "look and feel" of the application, subscriber may encounter unexpected costs and delays for re-training personnel. Alternatively, subscriber may not want the added features, and extra cost, of Version X +1, while provider may not want to continue to support Version X.
- In general, neither provider nor subscriber controls the transmission lines, creating an exposure - interruption - that neither party can fully control.
- Quitting a provider can be problematic. For example, will the provider simply block subscriber's access to the application or provide transition assistance. If assistance is provided, what will it cost?
What then, are the foundations of a successful ASP project? A full answer would require a book (See shamless plug below), but I can address some highlights here.
1. Due Diligence
As mentioned, if provider's offerings do not meet subscriber's needs, the relationship will be rocky, at best. But diligence must extend beyond matching needs to services.
- Is provider financially sound?
- Are its personnel adequately trained?
- Does vendor have all the necessary permits and licenses?
- Does vendor implement appropriate physical and logical security?
- Are appropriate disaster recovery measures in place?
2. Interim Remedies
In fiction, at least, the appropriate response to any business disagreement appears to be "So Sue Me!" A better approach might be to build in "safety valves" to permit discrete disagreements to be resolved without derailing the entire project. Examples would be meet and confer requirements, permission to withhold payment of disputed balances and a narrow list of circumstances in which provider may suspend or terminate services.
3. Objective Standards
When will the application be available?
What processing speeds will be provided?
What response times will be accepted?
In what format will subscriber's data be stored?
In what format will reports and other output be delivered to subscriber?
To protect both sides, it is important that these and other standards be stated clearly and be subject to objective measurement. Without objective standards, subjective judgments ("It's too slow!") could put the project at risk.
We will purchase an auto after a 20 minute test drive and a house after a walk-through and home inspection (and a little haggling). Outsourcing business functions, however, merits more detailed examination. The more critical the processes, the more important it is to thoroughly test the application in the most realistic setting possible.
5. Business Continuity
If the provider's servers fail, will subscriber's business come to halt? Thus the need to verify that provider observes proper security, back up and recovery procedures. For truly critical processes, consider requiring a source code escrow (which must be kept current) or maintenance of a mirror site that could easily be taken over by subscriber.
We will explore these and other features of a successful ASP contract in greater detail in future postings.
This article is derived from "Application Service Provider and Software As A Service Agreements Line by Line," Kelly L. Frey, Sr. and Thomas J. Hall. Published by Aspatore Press, 2007.
Note - my friend and colleague Kelly Frey had no part in drafting this post. Any errors in it are mine alone.