Tech Corner: Top 10 Due Diligence Questions for Cloud Hosted Solutions

At IT4Causes, use of cloud-based solutions for common problems is a cornerstone of the strategy that we advocate with our small and midsize nonprofit partners. We’re in the process of selecting solutions for both Donor Management and Case Management, and of course we’re doing due diligence to make sure the vendor solutions pass muster. Here’s a list of the top 10 questions we’re asking about the solutions; please feel free to comment back with any others that YOU feel are truly important considerations for making sure a cloud-hosted solution is stable, secure, and sustainable:

  1. What is the SLA for uptime for the application?
  2. Is the application hosted in a public cloud such as Amazon S3 or Microsoft Azure, or is it hosted in a private cloud?
  3. Is the application hosted in a single site, or at multiple sites in different geographies?
  4. Do you have a disaster recovery plan, and when was the last time it was tested?
  5. How frequently are backups made? How long are they kept?
  6. How and when will we be notified of major upgrades and service outages?
  7. Please provide a general overview of your approach to security. What security measures do you use to authenticate users?
  8. What level of encryption do you apply to our data, at rest and in transit?
  9. How do you ensure the privacy of our data? What about metadata generated by our usage of the application?
  10. How does your application implement role-based security?

Of course, this is just a starting point for discussion, and we ask many other questions of our potential vendors. We’d love to hear your thoughts on the topic, too, so send your comments to Thomas.anderson@it4causes.org and we’ll summarize the responses in a future blog post.
