What red flags would you advise looking out for when evaluating potential vendors?
My first review includes financial stability, Venture Capitalist Involvement, Magic Quadrant or Market Guide inclusion, Peer Insights and feedback from others. I am also looking for a business partner with more strategic vendors that will jointly exploit continuous improvement opportunities, a voice on the product roadmap, and value-added services, such as engineering support for the more complex pieces of the offering.
Depending on the type of vendor, I also like to get some insights from LinkedIn to get a sense of how large the organization is, how many employees, how recently their staff have worked for them, etc. Also, if you can find out if they are owned by a Private Equity firm, there is a chance they could be sold during your relationship with them. You can also ask for customer references.
Using a vendor brings several risks. The main ones are:
1. Unable to track changes made by the supplier;
2. No control over the evolution of the supplier's services to meet its needs;
3. Expertise level in my organization in consuming the provider's services;
4. Difficulty maintaining the financial position and profitability of your solutions;
5. Difficulty in changing providers at the end of your contract;
6. Decrease its flexibility and ability to evolve over the long term with a supplier;
7. Could lose control of your data;
8. Employees could get lost in roles and responsibilities in a new cloud computing environment;
9. Our information entrusted to suppliers could be shuttered or modified without our knowledge through the bad behavior of our users with their username and password;
10. An outage of a provider service could affect our mission services.
In this context, it is important to assess a seller's threat and vulnerabilities. To do this, we recommend the following checks:
1. Due Diligence (past incident);
2. Location (of the company and your data, for legal compliance);
3. Security Level (Certification or standard like SOC2, ISO-27001, etc.);
4. Resilience and service Offer (Financing aspect, SLA versus your requirements);
5. Interoperability (Can export your data);
6. Strategy and Leadership (With Gartner and Forrester for example);
7. Availability of skills with the service consumed (Your teams, consultants available, with that expertise);
8. Cost control (tools to monitor cost);
9. Responsibilities entrusted to the service provider (By the contract and SLA);