Skip to main content
Add as a preferred source on Google

What to Ask When Outsourcing SaaS

  • By Ellen Kollie
  • 01/01/19
outsourcing SaaS

PHOTO © BAKHTIAR ZEIN

Founded in 1875, Indiana University of Pennsylvania (IUP) in Indiana, PA, is a public, research-based institution boasting nearly 12,000 undergraduate and graduate students. In 2018, Bill Balint, CIO of IUP, and his team made the decision to put the community’s email in the cloud using Microsoft Office 365. This is an example of one of many forms of Software as a Service (SaaS) to which more academic institutions are gravitating, removing the physical infrastructure from the institution. As Balint bluntly observes, “Those genies are out of their bottles, and they’re not going back in,” meaning that outsourcing to the cloud is here to stay. Sure, institutions may change service providers as contracts expire or challenges arise, but they’re not going to bring those services back in house.

When it comes to providers, there are those that offer single, specific software services, and there are those that provide collective services, such as Amazon Web Services (AWS), “which provides a wide variety of on-demand, cloud-computing platforms,” says Thomas Skill, Ph.D., associate provost and CIO, University of Dayton (UD), OH. UD is a Catholic university founded in 1850, with nearly 11,000 undergraduate, graduate, and law students.

In this face of this new trend, and considering that there are many providers and many ways to package services, how can administrators be sure they’re contracting with the SaaS provider that will best meet their needs? By asking questions. Here’s what the experts suggest you ask.

‘How Do I Know You’re Dependable?’

There was a time when some of your customers relied on technology and some didn’t. Those days are long gone. Today, all of your customers rely on technology, and they rely on you to provide it and keep it operational. Therefore, it stands to reason that, if you’re outsourcing a service, you’re counting on that vendor to do what you would do: provide the service and keep it operational. You’ll know the vendor is dependable by ensuring that “your service level agreement is spec’d out ahead of time for when there is a failure,” says Balint. “Technology is a commodity, and your customers are not so forgiving of things not working now as they were in 1995. You can’t wait until there is a failure to come up with a plan for fixing it.”

‘Can You Give Me an All-In Price?’

An all-in price that is totally transparent accounts for the cost of the level of service to which you’re agreeing and eliminates unexpected costs. Balint offers an example of unexpected costs: “Let’s say I sign an outsourcing contract. The contractor comes in and finds a challenge neither he nor I expected when I signed on the dotted line. Now it’s going to cost more to fix that challenge before we can move ahead.” An all-in cost ensures price predictability, just as there is in knowing your own staff’s salary and benefits, and it eliminates the unpleasant surprise of unexpected costs.

‘May I Speak With an Existing Client Whose Situation is Similar to Mine?’

Balint is adamant about this: It’s nonnegotiable. “I have to be able to look at and touch another school that’s the same size as mine and has the same level of complexity as I have,” he says. “I want to talk with somebody at a school similar to mine to see what the vendor has brought to the table in terms of meeting that school’s needs.”

‘How Will You Protect Our Data?’

“We have an obligation to protect our data,” says Skill, “so this is an important question for us. In interviewing vendors, we spend an extraordinary amount of time on security.” He indicates that it’s a myth to think that, if you take your services to the cloud, everything will be fine; that the cloud is a magical place that takes away your hosting problems. For him, the decision-making driver is not pure cost savings—it heavily includes security.

“Our biggest concern is security,” Skill explains. “When we hear about data breaches, in nine out of 10 cases, it seems that it’s the third party that has lost data for an organization, not the organization itself. If this happens, it’s because we, as the organization purchasing the service, failed to do our due diligence in how the third party was keeping our information secure.”

Skill acknowledges that, in the past, he has taken heat from some of his customers about the length of the due-diligence process, wondering why a service isn’t up and running already. He’s willing to take that heat in exchange for the peace of mind that the vendor has security as its top-most concern.

‘Are You SOC 2 Compliant?’

American Institute of CPAs (AICPA, www.aicpa.org) offers three different System and Organization Controls (SOC) audits for service organizations that provide valuable information for users to assess and address the risks associated with an outsourced service. SOC 2, according to AICPA, is intended to meet the needs of users “that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.”

Skill wants to know that potential service providers are SOC 2 compliant. However, he acknowledges that even this is inadequate and that additional questions must be asked. Those questions are formulated in a document called “Third Party Data Security Questionnaire.” This document can be readily found in different versions on the Internet and tailored to your institution, and Skill is happy to share his. “This is a very deep dive that we see as critical to our data protection obligations,” he notes. “After we ask the questions, we review the answers and ask ourselves if we’re comfortable with the answers and the risk.”

SaaS isn’t always cheaper than hosting them in-house, but it does allow you to scale up and scale up more quickly than if you did it yourself, observes Skill. “There’s a convenience and e-speed to market,” he says. “The service provider has the responsibility for doing a lot of the back-end support so our limited staff doesn’t have to.” Being prepared with the right questions can help you choose the providers that will best help you move your services to the cloud.

This article originally appeared in the College Planning & Management January/February 2019 issue of Spaces4Learning.

Featured

  • Pitzer College

    Designing for Change in Higher Ed Learning Environments

    Higher education will continue to evolve, and learning environments must evolve with it. By prioritizing adaptable infrastructure, thoughtful reuse, strong energy performance, and wellness-centered design, campuses can create spaces that support learning today while remaining flexible for the future.

  • golden trophies with falling confetti

    Spaces4Learning Launches 2026 New Product Awards

    Spaces4Learning is happy to announce that we’re now accepting entries for the 2026 New Product Awards! The awards program recognizes the outstanding product development achievements of manufacturers and suppliers whose products or services are considered particularly noteworthy.

  • University of Oklahoma Announces New Campus Master Plan

    The University of Oklahoma in Norman, Okla., recently announced that it will soon launch a new, comprehensive Campus Master Plan to guide the campus’ physical development during the next decade, according to a news release.

  • Can AI Help Build Stronger Communities in Student Housing?

    Student housing success is shifting from operational performance to student experience, with belonging now at the center. A recent 2025 report underscores a growing emphasis on student well-being, community, and engagement, signaling that expectations now extend beyond logistics to ensure students feel supported in their living environments. AI is enabling that shift by reducing administrative workload and giving teams more time to focus on meaningful student engagement.