As an enterprise software provider, TAS receives a high volume of Request for Proposals (RFPs). I always find it interesting to compare the specific questions on an RFP to others that we have completed. As you might guess, the vast majority of RFPs have a significant amount of overlapping questions mostly focused on end user features.
Given the collective technology experience of everyone at TAS within the retail real estate sector, I can say with confidence that while many RFPs contain familiar but necessary questions, there are a lot of important questions retailers are not asking.
I felt that it would be beneficial to cover some of these important questions, so retail organization seeking real estate site selection software can potentially include them in their next RFP process.
How is my loyalty card data anonymized in the system?
This question is very important from a security and analysis standpoint. From a security standpoint, you want to make sure that no individually identifiable information is being sent outside your firewall. From an analysis standpoint, you need to determine if the level of aggregation works for your retail concept. For example, if you are a convenience store operator and the system requires you to aggregate your loyalty card data to block groups, does this work for you? Is a block group too large?
Does the system support Role Based Security?
This question is really asking about the configurability of the system. Role Based Security allows you to assign users to groups based on similarity. These groups can then be configured for items such as reports, thematics, map layers, etc. It is vital that you understand exactly what elements can be configured by role, as it will affect the long-term viability of the system. For example, can you configure what data items people see when they click on a store based on their role? Can you control read/write access to specific layers by role? What other types of features can be configured by role, get a full list! A highly configurable system will ensure that it can adapt to your future needs.
Does the system support the creation of a full audit log of all changes made by end-users?
An audit log shows you all changes that have occurred in the system and typically includes old value, new value, and the user name of the person that made the change. It is vital that the system has this functionality if you want to allow users to make edits to data. It will allow you to see exactly what users are doing and, more importantly, restore specific data if something got messed up.
Does the system support locking down users to viewing/editing data only in certain locations?
One of the trends we are seeing is retailers giving their preferred developers/brokers access to their system. In order for this to be successful, it requires a highly configurable Role Based Security infrastructure (so you can control what they see) and a highly configurable system for setting Geographic Based Security. Geographic Based Security allows you to lock down where a person can interact with a specific data set. In the context of preferred developers/brokers, it will allow you to control what geographies they can interact with data such as proposed sites.
How does data flow into and out of the system?
It’s rather strange that most RFPs don’t ask this question as it is extremely important. A system built around the uploading/downloading of Excel files, even if automated, will only work for a small team and it will be very difficult to share changes back to the system of record so others can benefit from your field verified data. If your fine working in your own data silo, then Excel import/export is fine. If you have grander dreams, you need something better.
Does the system provide a mechanism for viewing and editing relational data from within a single form or does the data need to be “flattened”?
If the system can only view/edit data from one table at a time, take our advice and run away fast! You will outgrow this system extremely quickly and it will be a nightmare to maintain as your future needs change. You will need to do a ton of data preparation on your side to take data from different places and build a very wide flat file. Let’s not even talk about the pain that will happen if you want to update other systems based off of any changes you make to the data. Run away fast!!!
What is the vendors’ customer satisfaction score for their technical support team?
This question goes above and beyond the typical questions like: what’s covered under technical support, how many hours are provided, what forms of technical support are offered (phone vs email), etc.. Does the vendor have a formal way of measuring the effectiveness of their technical support department? If not, how do they know how things are going? We measure our support team on a number of variables including average open time of support tickets, the number of customer touches per ticket, and customer satisfaction upon closing of the ticket.
What kind of history do the vendor’s employees have in the retail real estate space?
At its core, this question is asking if the vendor understands the space. Given that you will be establishing a long-term relationship with the vendor, it’s important that they understand what you do on a day to day basis. If key employees at the vendor do not have industry experience, can they truly be relied on to architect a solution for a problem that they themselves have never faced?
How often is the vendor’s data center environment reviewed by a third party security consultant?
The only constant regarding computer environments is change. It is extremely important that the vendor’s data center environment is monitored by a third-party security consultant on an ongoing basis to minimize the chance of the environment being hacked.
Has the vendor’s code base been investigated by a third party for security vulnerabilities?
What would happen if you recommended a solution that was hacked at a later time? Well, there’s a pretty good chance you would lose your job. Don’t lose your job, ask this question up front.