Introducing a rating model for SaaS seemed an almost impossible challenge to us. All services differ in scope and target audience. How can one establish common ground on which to judge them?
But after talking to our customers, we recognized a specific need that we think a rating can support. Whether a service is functionally well suited to the business purpose is something only business people with their specific use case can answer.
Deciding about Information Security, Connectivity Capabilities or Provider Restainability remains a complex task for someone just searching for a functional fit. This is why we decided to introduce a rating for SaaS across these dimensions.
Information Security is to be understood as a health check on aspects such as Availability, Integrity and Confidentiality. We also research and verify existing certifications such as ISO 27017 or EU Model Clause support.
Please note: Our confidentiality check assesses the encryption and key management methods applied across the overall architecture. This includes all kinds of devices and web clients. Even a confidentiality rating of "high" does not confirm that the data is secure enough to prevent Military Intelligence Units from accessing it. See our blog for more details on this topic.
The Connectivity Capabilities dimension covers the questions "How do I get in?" and "How do I get out?" as well as the options to access data inside the service and make it available for use in other applications.
In a corporate context, especially when you plan to run mission-critical applications, service and service performance also play a major role. At the beginning of 2016 a smaller American provider suffered a major outage due to a DDoS attack. All representatives and relevant people were on holiday, leaving nobody to re-establish operations for over ten business days.
To prevent you from experiencing something like this, this dimension looks at SLA terms, guarantees given, refund mechanisms, internal procedures and policies, etc.
Finally, you do not want to choose a partner who looks great today but bears the risk of failing tomorrow. Therefore we conduct a typical financial assessment and try to find out about strategy and current and future market positioning. Based on interviews with management and on financial figures, we derive an understanding of where we expect the company to be three or five years from now.
This also includes R&D spending, partnerships maintained, technologies applied, references and successful projects.
Each criterion is scored on a scale from 0 to 5. The criteria are then weighted and summed to produce the general rating. See "Understand Ratings" for more details on the interpretation of our rating information.