Vendor Host Evaluation Vendor Name: Host Type:
Rich Media Cloud Other:
Dedicated Managed Colocation Clustered
Hosting requirements: Bandwidth requirements Storage space Active Directory integration Specialization or host multiple types of services Other:
Free of advertising
Reliability, Responsiveness, Communications Disaster recovery Business continuity System failure Problem response Response time
Communication procedures
Credit for downtime Strategic fit
Established protocol for disaster recovery and emergency preparedness Established procedures for business continuity plan Established procedures for notifying key contacts for system failures Method: Response time: Tier 1: Tier 2: Tier 3: Identified communication strategies and has outlined plan for all events including but not limited to: disaster recovery, business continuity, system failure, regular communication. What types of credits are offered for system downtime? Is the SLA a good fit with the organization’s strategic objectives?
Growth and Scalability Vendor dependencies Concurrency Future considerations
What is the backbone of the vendor's support? (E.g. Sprint, Verizon, etc.) What are the backbone redundancies? Maximum number of concurrent users allowed What has been identified in terms of needs with respect to scalability? What can this vendor offer? (E.g.; They may have adequate bandwidth now, but what about the future?)
Scalability limits
1|Page
Transfer Allowance Existing infrastructure Data transfer Courtesy clause
How much can our own infrastructure handle before extra fees would kick in? Describe current minimum/maximum needs for data transfer Look for a “courtesy clause” which describes potential bandwidth limitations
Security Policy and Backups Security policy Security upgrades
Security breaches System backups, logs
Restoration Database recovery and file restoration Security patches Disabling applications or services Upload security and protocols Responsibilities for unintentional loss of data Storage maintenance Network upgrades
Vendor provides a 30-day advance, written notice to the organization of any changes to security policies or backup procedures Applies security updates Provides staging environment where updates and upgrades are first applied Conducts testing prior to implementing in production Has procedures in place for handling security breaches and communicates that protocol to the organization Provides clear, written information on how systems are backed up; maintains backups and logs in accordance with records retention schedule or provides backups and logs to the organization
Ensures the latest stable build of software is maintained at all times The organization is notified of services and applications not in use; permission is obtained from the organization in advance before disabled (E.g.; passing of user credentials, integrations with AD and others)
Technical Requirements Ongoing TR review System updates Conflicts Configuration and installation Tuning memory allocations
Communicates changes in TR Provides timely notification of system updates Advises on potential technical issues such as compatibility or conflicts with hardware and software Provides guidance and resources for configuration and installation Provides the ability to adjust hardware such as RAM and others
Technical Platforms/Ecosystem Supported platforms Development platforms Ease of deployment Number of API’s 2|Page
Programming compatibility Size of developer community Number of plug-in products Available consultants/expertise Partnerships, client list Vendor ranking or rating system
Development Work, Shared Expertise, Training Site/app developers Access to experts Shares information and expertise Training Assistance
Employs site and/or application developers who provide development work for clients Has access to a field of experts who can assist or directly provide client guidance.
What level of assistance is provided with implementations and upgrades?
Database Offerings Types Version Limits Database requirements Accessibility Database tuning and upgrading
Are databases stored in U.S.? Provides access to databases
Patches and upgrades Communication Testing process Schedule
Third Party Applications, Integrations Vetting process
(Does host communicate directly with third party vendor to vet application? How are requests initiated? Do fees apply?)
Maintenance and updates Integration and implementation process used
Reports, Reporting Capabilities Reports of downtime Usage statistics, concurrency
3|Page
Auxiliary Products What auxiliary products does vendor make available What auxiliary products does the organization require
4|Page
Cost Evaluation Criteria Pricing Model Per user/FTE
Per compute cycle
Usage
Flat fee
Subscription-based
Resource based
Pay-per-use services
Connection based Other:
Document any costs or associated costs with the criteria listed below.
Hosting fees (Costs may need to be translated to per user for comparison.) Bandwidth costs/limits Storage costs/limites Data transfer rates File access
Secure FTP
Security Management/Support fees CPU costs/limits Overage costs
Set Up Costs Domain name charges Data migration
Recurring Charges
Performance Application performance 5|Page
Uptime guarantee
Email Account limits Mailing lists
Support Turnaround time Uptime Maintenance times Support hours Total help desk accounts
Requirements and Limitations Describe potential cost associations (negative or positive) below Technology requirements (E.g.; asp.net, Java, PHP, etc.) Multimedia components (E.g.; streaming, audio, video, directory security, etc.) Backend databases (E.g.; My SQL, SQL server, PostGres, etc.)
Logging and Reporting Reports, analysis software
Included?
Site monitoring
Programming Services Application Web design Application compatibility, vetting and testing
Administrative Training and User Education Face-to-face 6|Page
Online Tutorials Materials license cost Webinars Contractual Custom training options
7|Page