Is your current Risk Management Information System (RMIS), Environment, Health & Safety (EHS), or Governance, Risk & Compliance (GRC) technology contract expiring? Have you “had it to about here” with your current vendor and their promises gone awry? Are you just beginning the search for a software vendor? Is the potential of new technology catching your eye?

No matter the reason for your software search, there are a few considerations to keep in mind as you find the vendor that’s right for you. These factors should be discussed at the outset of exploration. They shed light on topics that often emerge as companies further engage in the contract lifecycle with a vendor. These considerations can be particularly helpful when evaluating a vendor for RMIS, GRC, or EHS capabilities.



1: Software Viability

When deciding on a vendor, what likely catches your attention is the sleek look and feel of the software. However, a few things “under the hood” prove to be more important. Software viability remains the main pillar of considerations and can be broken down into a few factors.

Solution Releases, Maintenance & Bug Fixes

It is important to consider a software solution’s current state and its future potential, whether good or bad. Ensure you understand the release and maintenance schedule and bug-fix approach. Be confident with a vendor who provides clear, scheduled (not consistently delayed) updates. Furthermore, the vendor’s service and development teams should be dedicated and effective in handling pressing inquiries and bug fixes promptly. Remember, action and evidence are always better than promises!

Data Ownership

Data ownership continues to be a pressing topic of conversation. There are many cases in which, upon moving from one vendor to another, a company’s data is “held hostage.” Clarify the terms and costs surrounding your data and plans to move this data when your contract expires or in the event of unplanned changes. 

Platform Security

With constant reports of data breaches and hacking, vendor security should be top of mind. Identify which cloud computing service your vendor uses and conduct your own research about the pros and cons of this service. You will want to understand if your potential vendor has experienced a data breach, the breadth and depth of the breach, and how they addressed and communicated the breach. If they have not experienced a breach, it’s best to ask how they would handle and approach a potential breach. A vendor should be able to communicate any breach in a transparent and swift manner, identifying all affected parties and providing a detailed response plan of action.

Reports & Dashboards

Not only will you want reliable software to help with your day-to-day obligations, but you will also want to showcase trends and learnings to stakeholders and the board. Reporting can be based on out-of-the-box best practices or customized requests. Reports can be integral in indicating or uncovering trends across various departments. The data in the application should be accurate, straightforward to generate, and easily accessible. Considering a vendor with a unified or single application can make this task easier.

Additional aspects of software viability to consider: 

  • Mobile-friendliness
  • Solution partnerships and integration potential
  • Solution strategy and roadmap
  • Service, help desk, and attention to issues raised
  • Software ease-of-use and software learning curve
  • Software standardizations versus customizations
  • Additional scope potential beyond initial use-case

(!) Buyer Beware: The look and feel of a platform does not always indicate its power.



2: Client Experience

The client experience often gets overlooked in the search for a reliable software vendor. A positive relationship can consist of opportunities to participate in client conferences, peer networking, and educational programming. It’s important to understand what type of dedicated client events the vendor offers throughout the calendar year. In addition to conducting events, the vendor should provide the opportunity for clients to contribute towards the future of the solution or experience for other clients. This can be achieved through a Client Advisory Board (CAB), Client Knowledge Center/Portal, or Client Satisfaction Survey. A vendor should be open to connecting you with a satisfied client or pointing you to helpful case studies and resources. Lastly, the service model and account management process should be easy to understand, with opportunities to assess and improve across the project timeline. Look out for third-party reported Net Promoter Scores (NPS) and peer forums, such as the RIMS OPIS board for risk managers, that can give you insight into current client experiences with vendor organizations.

Additional aspects of the client experience to consider: 

  • Training guides and learning opportunities
  • Public entity-specific support and sample clients

(!) Buyer Beware: It should not be “pulling teeth” with a vendor to be introduced to any of your peers who are current clients.

3: Vendor Organization 

Another aspect that will make a significant difference in your experience and the service you receive is how the vendor organization is fundamentally different from its competitors. A well-rounded vendor organization should consist of subject matter experts in their respective fields who can speak to aspects of the software or current industry topics; they may even frequently speak at industry conferences and events. It’s also important to understand how vendor employees feel about the current CEO. For example, do they trust the CEO’s vision and do they trust the company’s mission? Closely related, knowing how employees feel about the company culture is important. Websites such as Glassdoor can provide an inside look at how current or past employees assess factors such as the company culture and CEO/Leadership Team. Another source for helpful guidance lies within analyst reports. These analyst assessments provide a third-party view and comparison across industry competitors. Lastly, when conducting research, be sure to investigate the financial health of the organization, including the organic growth of the company. Does the vendor organization have heavy private equity investment? If there is a heavy private equity presence, you will want to understand when the note is set to expire and if the organization is greatly driven by this future profit potential and obligation. If so, the organization may be less likely to invest in long-term innovation and sustainable growth opportunities and more focused on cost-cutting initiatives.

Additional aspects of the vendor organization to consider: 

  • Philanthropic involvement
  • Environmental, Social, and Governance (ESG) & Diversity initiatives
  • COVID-19 response and business continuity and operational resilience planning
  • Industry events participation and working relationships
  • Leadership team length of service and expertise

(!) Buyer Beware: A client should always come first, profit should follow. Not the other way around.

4: Program Management & Investment

Program management and investment requirements must also be considered in your search for the best software partner. A great vendor will identify how the program can be effectively managed over the course of your project and will sufficiently respond to all RFP inquiries in a timely manner. The vendor should be able to help you and your team outline the cost-benefit and return on investment (ROI) projections and be able to identify creative ways to determine ROI. Furthermore, a reliable vendor partner will provide examples of how other clients are considering ROI - they may even set up a meeting between you and a current client with a similar use case. At the end of the day, the vendor will also need to meet your company’s internal requirements for vendor risk due diligence. 

Additional aspects of the program management and investment to consider: 

  • Contract terms and service level agreements
  • Fair market value pricing for services delivered

(!) Buyer Beware: Low initial pricing does not always equal a great deal leading to ROI.



5: Diverse Expertise of Your Team

Throughout the search for a new vendor, your internal team should have multiple touchpoints to remain on track with your company’s intended project completion timeline. Be sure to set up an internal team responsible for assessing the software vendors. This group does not need to include the final decision maker, but should be a well-rounded, diverse assessment group. Consider employees on your team who have experience utilizing the vendor software in a previous role, currently oversee the day-to-day use cases the software will be expected to enable, or can provide strategic considerations regarding the future use cases of the software. A RACI (Responsible, Accountable, Consulted, Informed) Matrix can be useful in structuring a software evaluation project team and task delineation. You will want to remain aware of the project scope, status, budget, and goals or intended outcome throughout the duration of your vendor selection process.

(!) Buyer Beware: Encourage team members to get involved, especially if they are highly passionate about their value-add to the project.

As with all projects, the vendor selection process can be time-consuming, appear to be an overwhelming undertaking, and require the involvement of multiple resources. It’s important to remain realistic and to understand the short-term and long-term milestones beyond the initial selection process. Remember to celebrate the small victories along the way and congratulate yourself and your team for considering the first step in your software journey or software reassessment!

Looking for further guidance on this process? Download your copy of a complimentary Vendor Performance Assessment Checklist containing 35 key assessment points, sample questions, and rating-scale criteria.