Privacy Tech RFP Core Requirements | #2

Core RFP requirements of selecting a privacy tech vendor

Hello and welcome to the first edition of 518, a weekly privacy technology newsletter presented by FLLR Consulting.

In this newsletter we outline the core requirements to include in your RFP.

Let's jump into things.

There are a lot of considerations when choosing the right Privacy Tech vendor for your organization. In our previous newsletter, we discussed when a Platform vs a Point Solution is the right choice. Here we want to explore the key core requirements to include when sending out an RFP to vendors.

Now there are a lot of potential requirements and almost as many stakeholders who want a say in what the vendor can and cannot do. In response, this article limits itself to the requirements we call "core". Now, what does that mean? For purposes of this conversation, "core" privacy tech requirements are everything to do with the base-level platform of the tool. Things like single sign-on, security features, roles, reporting, etc. Everything that's usually overlooked when dazzled by an automated scan.

Let's put some categories together and then add the requirements in:

  • Access & security

  • Hosting options

  • Reporting & dashboarding

  • Integrations & extensibility

  • Documentation & support

Access & security: Ability to support...

  • Single sign-on; SAML 2.0 compliant

  • Support multiple domains (email domains)

  • Automated user provisioning

  • Integration with Active Directory

  • Automated user off-boarding

  • User access logging

  • Achieved or pursuing (include scheduled audit date) SOC 2 Type 2 (or other relevant certification)

  • Role-based access controls

  • Custom created roles

  • Multiple subsidiaries within the same tenant environment

  • Organizational hierarchy across different modules and solutions - separating access and visibility of data by Business Unit, Subsidiary, or by other grouping

Hosting options: Ability to support...

  • Cloud deployment; list the hosting provider

  • Ability to support single-tenant hosting, if desired

  • Local data hosting; list available data center locations [e.g., USA, Germany, Australia, China, etc.]

  • SLA of 99.99% uptime / Provide available SLAs and tiers

  • On-premise deployment, if desired; provide system architecture and installation requirements; what % of customers are on-premise

Reporting & dashboarding: Ability to support:

  • KPIs demonstrated visually via dashboard

  • Configurable dashboards without need of vendor resource support

  • Report scheduling and emailing

  • Integration with Tableau/PowerBI

  • Export of system data to Excel, CSV, and/or PDF

Integrations & extensibility: Ability to:

  • Provide out-of-the-box integration marketplace

  • Integrate with ServiceNow

  • Integrate with JIRA

  • Schedule integration frequency [real-time, minute, hourly, daily, weekly, etc.]

  • Bulk import data via native import UI tool

  • Create custom integrations without need of vendor resource support

  • Visual workflow UI

  • Support REST and SOAP integration standards

  • Support OAuth 2.0 authentication protocol

Documentation & support: Ability to:

  • Provide resource and support portal

  • Provide platform certification classes

  • Provide architecture documentation

  • Support implementation/deployment of platform through in-house professional services

  • Support network of third-parties certified and trained on product deployment best practices

  • Provide phone, email, dedicated customer support

  • Provide regular release notes on new product features and enhancements

FLLR Consulting is uniquely positioned to help companies evaluate privacy tech vendors, see through the check boxes of RFPs, and identify if a vendor can truly meet your requirements.

Reach out if you'd like to chat: [email protected] 

What did we miss? Reply back!

Potential topics for the next few newsletters: 

  • The anatomy of the Publishing business - all the tech involved to make it work and how privacy tech plays in

  • Upcoming vendor events to be aware of

  • 7-step health check process

What else should we talk about? Just reply back to this newsletter.