This article is the fourth in a series of guidelines on how to put together the perfect e-invoicing RFP – including useful tips that will set you on the right path.
People often talk about how decision-making processes are made up of two elements – must-haves and nice-to-haves. But really, most of the time, even the must-haves are effectively just prioritised nice-to-haves.
In reality, there are only a few pieces of the puzzle that are real must-haves. These non-negotiable hygiene factors are features or functionality where even a little compromise just won’t cut it.
In the world of business technology, more often than not this means one theme: security and compliance.
No room to manoeuvre
No e-invoicing supplier will ever outwardly claim to be insecure or lacking in compliance. As a result, if you’re writing an RFP, you simply have to know what’s really important when it comes to security today.
In an area where the cost of any chink in the armour can be extreme and the technology moves so quickly, how do you know what makes the difference between a virtual Fort Knox and an unsuspected threat to your business?
For a start, check that the vendor has VAT compliance and digital signatures. In addition, make sure that they have SAS 70 in place. You should always ask if they have remote back-up of all your business transactions for at least 10 years, along with audit logs and tenant data isolation.
Ask the experts
Actually though, it doesn’t have to be a nightmare for you. Let someone else do the hard work. These days, when putting your RFP together, don’t just rely on candidates’ claims of security and compliance – insist upon third-party validation.
There are plenty of organisations out there that make their living scrutinising every technology for potential exploits and cracks. Furthermore, the world of compliance is built around businesses whose sole function is to understand and audit the very latest rules and regulations that exist today.
Ask the vendors if their solution is watertight, then tell them to put you in touch with the real experts who will prove it.
When asking for proof, check for SAS 70 certification and audit reports from firms such as PwC and KPMG.
Are their systems secured by simple firewalls, or do they encrypt each message in a multi-tenant infrastructure?
RFP TIP: Don’t rely on the candidates’ claims of security and compliance – get proof in the form of whitepapers and auditor reports.