Consideration needs to be given to the service requirements - how the application is delivered and managed. Suppliers will often provide catalogues to detail these elements of their service. Consideration should be given to the following:
What service hours support do you need - noting that a business critical application should match your operational hours. That is, if you'll use the application 24/7/365 you will need the service to be supported for these hours.
Check for standard service level agreements (SLAs) - availability and incident fix times. Ensure these fit your requirements and that they reflect how critical the service is to running your business.
Ensure there is a plan for IT Service Continuity Management to the level required to support your business needs.
Higher service levels typically result in higher cost.
Having higher SLAs in your application than the SLAs for your network connectivity can result in unnecessary expenditure.
Service operations and management
For a service to meet the required service levels it is necessary to have a service organisation that meets basic best practice processes for areas such as service desk, service operations (backup and maintenance for example), service incident management, business continuity and disaster recovery.
Consider if the service provider works to established standards such as working to the Information Technology Infrastructure Library (ITIL) framework or having ISO20000 certification.
Check the supplier provided scope of the service boundary, where their responsibilities end and what the customer or another contracted provider needs to do, especially in terms of providing network connectivity. Use this provided information to check the network you plan to use to connect to the service is correctly specified.
Delivery support services - deployment and testing
What does the supplier offer in terms of support for project management, deployment and testing of the new application service within your organisation?
Also consider if there is a workable approach to collaboration with the incumbent supplier for migration.
Ensure that all customer responsibilities are documented and understood, especially if there are responsibilities to specify sizing or capacity of the service.
There may also be minimum specifications for customer provided equipment (such as LAN/WAN infrastructure checks; local devices such as desktops). You'll be responsible for ensuring the local equipment meets the required specifications from the supplier, or service agreements may be breached.
What toolsets are provided to allow you as the customer to configure and manage the service? Are there any self-serve options to make moves/adds/changes to the service?
Service transition and exit
Ensure that the approach to exiting the service and transitioning to a new service is documented and any required transitional assistance costs are understood.
Meeting all of these requirements is not mandatory; it depends on the size of your business and the criticality to your operations of the application service you are procuring. Review these categories in terms of what the supplier offers in order to evaluate what meets your needs and provides value for money.
NHS Digital assures all these requirements for national applications and assesses the network and other infrastructure requirements to support these critical business applications.