March 2003 - Issue 17

Walking the Walk:
The Right Questions to Ask
Online Technology Providers

Many of today’s nonprofit executives have begun to realize the importance of specialization when it comes to communication technologies.  With growing frequency, organizations are outsourcing large technology initiatives, leaving the installation and maintenance of online tools to the professionals while staff members focus on using these tools to more effectively communicate with their constituencies.

In recent years, there has been a proliferation of Application Service Providers (ASPs) catering to the technology needs of nonprofits. This generally has been a boon to the nonprofit sector, enabling organizations of all shapes, sizes and budgets to take advantage of new technologies to improve their Web sites, track their constituencies, accept online donations and send targeted emails.

But selecting an ASP involves more than simply picking a vendor selling commoditized products and services. Nonprofits assessing ASPs should look beyond a simple line-item comparison of features and evaluate each vendor’s fitness as a potential partner. Unlike a traditional software purchase, which can be as straightforward as acquiring a product, using an ASP involves a long-term association.

Asking a few critical questions up front will help ensure a long, stable and productive relationship.

• How will my data be stored, managed and backed-up? Who will have access to it?

Your ASP will be directly responsible for planning, building and executing a technical strategy to guarantee that data will survive a physical, electronic or financial disaster.  At a minimum, every service provider should take a daily snapshot of the latest constituent information for storage on a separate system from the primary database in case of a computer failure. There should be a plan in place to ensure that such a system is immediately available to reduce the risk of any loss of service. 

Ask your potential ASP about the Internet data center it will use to manage its computing facilities. Third-party vendors should have a proven customer success record with resources to meet demanding business conditions. Someone at every ASP you are considering should be available to answer your questions about network up-time or availability and physical security.

Additionally, inquire about the restrictions that your ASP has set up regarding internal access to your data. How many people have direct access to the database? How many employees have the administrative passwords and how often are these changed? Clearly, the provider you select should treat this access the same way that you do, limiting it to those who need to interact directly with your account. Although virtually all ASPs collect aggregate data across their customer base for trend analysis, they should not be discussing highly sensitive marketing data beyond the terms of your agreement.

• How do you get the data in and out of your donor database?

You probably are working with an ASP to further your overall marketing efforts and success.  So you will have to integrate data collected online with your traditional ”offline” donor database system.  Almost every service provider will claim the ability to export data in some format for this purpose.  Be aware, though, that the mechanism and flexibility for this process varies widely among ASPs.

The process of mapping specific data in the online world to your donor database is not a trivial undertaking.  An ASP should be able to take individual fields, transform, replicate and assign them, as needed, within your existing system. The actual process for executing this data synchronization should require minimal intervention, but also should allow some manual controls to ensure the quality of the data exported, including the ability to remove duplicate profiles of constituents.

Most importantly, no matter how much confidence you have in a potential vendor, you must ask for references of customers with whom they have done similar integration. Ideally, each potential vendor will be able to put you in touch with comparable customers in terms of size, donor database and functional applications.

• How do you handle credit card numbers?

An ASP offering online donation or volunteer fundraising capabilities will have to get credit card numbers from constituents.  Be diligent about understanding exactly what happens to these numbers during and after the donation. In most cases, ASPs contract with a third-party transaction vendor to handle the processing and interaction with financial institutions. This not only ensures accurate and timely execution, but also entrusts the storage of sensitive information to organizations that specialize in the requisite security.

More specifically, confirm with your potential ASP partner that it erases all credit card information immediately after passing it along.  No matter how confident you are in the security of the transaction vendor, it is a moot point if an inherently less secure ASP keeps a copy in its systems. Although this is less of an issue for single transactions, an ASP may decide to store card information themselves for sites offering sustainer giving or recurring payment programs. If you will be using this functionality, ask exactly where the card information is stored between scheduled transactions.

• What software operating system and database is your system based upon? 

You may want to broach the subject of software operating systems with a service provider.  A variety of tools are capable of providing the reliable performance needed for these applications, but if an ASP is using enterprise products from Microsoft, you may want details regarding measures that they have taken to combat their potential weaknesses. There have been a number of very high-profile attacks on ASPs that have not conscientiously applied Microsoft patches that protect against software virus attacks.

Generally, if a provider is using a UNIX-based operating system, such as Sun Solaris, BSD Unix, or Linux, you can be assured that these time-tested systems will be much more resistant to such attacks and will not require the expensive investment in your ASPs technical resources to keep operating smoothly.

• How are fixes and improvements managed?

The features and functionalities provided by an ASP boil down to a set of software tools that require constant fixes and improvements.  A true ASP will have written most of these applications from scratch to meet the specific needs of customers.  It will be able to quickly correct mistakes and respond to new feature requests with minimal effect on system usability.  When speaking with prospective vendors, try to find out about their historical responsiveness. Ask about their recent release schedule or examples of problems or new features that they have quickly resolved. Progressive ASPs should have a system in place to document and manage requests that are made for new features and be able to discuss specific plans for upcoming development of new tools.

An educated, proactive consumer will be prepared to ask the probing questions to determine which technology providers truly offer the tools his or her organization needs in the most dependable fashion.  Although specific responses will vary widely, you should be able to create an “apples-to-apples” profile of each potential vendor and its investment in the facilities, talent and methodologies to provide you the best quality service.