ECM — when and why?
Virtually every organization has IT systems that support the execution of its business processes. They are mostly ERP, CRM, HCM, BPM, SCM, EAM transactional systems, next to which large amounts of unstructured, diverse data created in an uncontrolled and unplanned way are collected. These data are not records in the databases of these systems, but they are associated with the processes that are supported by these systems. The way in which they are created and their size are largely independent of the organization itself.
These are mainly text files, spreadsheets, presentations, scans of documents, photos, multimedia files, technical documentation (drawings, plans, designs of devices), documentation of organizations (templates of documents of offers, contracts, ordinances, rules and regulations, instructions, procedures, process descriptions, application forms filled out manually, etc.), e-mails (with attachments), financial and HR documents, call center recordings and other content that is used by business processes or is a product of their execution.
Some of this information is sometimes “hidden" in the individually created workbooks, compilations or personal folders, and stored on disks of workstations, in network resources or on mobile devices. This way of collecting information generates for the organization a high risk related not only to security or availability, but also the validity of documents (version control), lack of knowledge sharing in the organization or reporting data contained therein.
Due to the architecture of transactional systems, it is difficult to use them to effectively manage documents and their flow, i.e. to identify and analyze the collected content. Such systems are not designed to manage the information coming from the environment in the form of correspondence, faxes, recordings or documents produced by employees in the form of MS Office files, scans, photos, etc. They will not provide effective mechanisms for organizing documents on a wide scale, i.e. their automatic recognition, classification and structuring (e.g. by folders, types, cases), archiving, or access via the Web, combined with advanced and quick search.
Rockawork is a comprehensive and flexible IT solution that supports electronic processing as well as archiving and flow of documents and information. The distinguishing features of the product are: excellent ergonomics of use and a high level of data protection.
The solution combines the features of DMS (Document Management Systems), CM (Content Management), e-archiving of documents, BPM (Business Process Management) and Workflow systems. It has been prepared by SNPon the basis of many years of experience in the development of IT solutions supporting the efficient work with documents and information in companies.
Various sources (Gartner, Forrester, IDC) estimate that ca. 80% of information resources of companies are created in such a disordered manner.
The ECM solution is a way for the organization to free itself from the paralysis caused by non-optimal management of documents. The lack of access to documents (including archival ones), inappropriate or inadequate security mechanisms, delays in the flow of information, the lack of version control, incomplete documents in a case and in a process, the inability to quickly collect documents from multiple sources, inefficient document processing (e.g. in the flow of financial documents, complaints, customers’ requests) and finally, more and more time spent on document management — these are just some of the problems that can be solved using ECM.
– collect and process large amounts of diverse, unstructured documents “next" to major IT systems,
– have a complex organizational structure and operate in dispersed locations, which results in a slow and inefficient flow of information,
– make the business success dependent on the efficient collection, processing and reporting of the document flow,
– manage issues that require integration of information across the organization,
– want to protect documents against unauthorized access, while optimizing the cost of labor and task management,
– want to reduce the time needed to obtain access to information, and to optimize the cost of managing the storage and flow of documents,
– want to manage the risk of data loss, should consider deploying SNP Enterprise Content Management as a way to optimize their business processes.
Why SaaS?
The proprietary solution ECM supports document scanning with automatic content recognition (OCR), automatically provides documents in a process or in a case, and its workflow module accelerates information flow and enables tasks to be automatically assigned to the individuals designated in the process. This allows you to make faster and better business decisions, while optimizing the working time and costs of the organization. In addition, in ECM, it is possible to archive any content in a safe and orderly manner, to fully manage authorizations and share documents with virtually any IT system (as a content server).
ECM has been designed with a focus on security, user efficiency and support for content management and workflow in the cloud. The solution has an architecture that is unique in the market of ECM systems. It is based on the concept of logical systems, which guarantees the security of stored and processed documents and data. ECM is a modern platform that can be used by the customer as a basis for designing any archive of documents and managing their flow in business processes without the help of SNP consultants. All of these features are available in the SaaS model.
Although ECM has a typical multi-layer architecture (i.e. a data storage layer, a layer related to the data processing logic and a user layer), its functionalities are available through a web browser. When designing and developing ECM, we put special emphasis on the possibility of configuring the application by the business user, with a minimum possible involvement of an IT specialist.
The user access, defining document types or flow process management are possible via a web browser and by the business user. As a result, it doesn’t matter to the individuals performing tasks in the process where and on what server the application is installed, who administers it and cares about its security, performance, etc. It is accessible to them from both the internal and external network in the same way: a single window of a Web browser contains functionalities that support the management of documents and processes.
But what makes the SaaS model a good alternative to the licensing model that was so popular until quite recently?
Costs and flow of expenditure
Organizations increasingly decide to outsource IT applications, since they see many advantages of this model and this is a way for them to gain a competitive advantage in the market. The ECM implementation project means working at the junction of business and IT technology. When a business division submits to the IT division an initiative to implement an ECM solution, it often turns out that the organization does not have sufficient IT resources. This may be a lack of adequate technology and infrastructure, an insufficient number of middleware licenses accompanying traditional software models (database licenses, a server operating system license, a lack of a virtualization, backup technology, etc.), a lack of specialists or simply a lack of time on the part of the IT division to support the project.
In the case of traditional ECM license-based installations, organizations do not decide to implement a solution due to the aforementioned obstacles. They do not look for alternatives that will break the barrier of long-term costs (related to the system administration and maintenance) and high initial and one-time IT capital expenditure (purchase of required infrastructure elements, additional specialists, etc.).
A solution to these problems may be just the SaaS model, in which all IT capital expenditure (CAPEX) related to the purchase of the ECM solution is entirely replaced with operational expenditure (OPEX). The costs of purchase and use of the application are spread over time, since in order to deploy ECM, we do not make a one-time investment in the technology that is to be depreciated over a long period of time, but we regularly pay for a cheaper and more flexible service of providing the ECM platform via the Internet, and this payment is entirely charged to operating costs. Apart from the workstations of end users, all the elements necessary to launch an IT project are provided by the ECM application supplier — from the delivery to the maintenance of the system.
The most common form of paying for ECM in the SaaS model is a subscription. Its amount depends on the degree of utilization of the application by business users. Their number may vary, e.g. depending on the headcount or the actual needs of the organization in a particular period. Changes in the headcount or in the scope of the application use (adding or cancelling specific functions enabled by ECM or subsequent processes) result in a change of the fee for the service. Thus, the amount of a subscription in the SaaS model is not always fixed. SaaS means neither an investment in IT, nor a purchase of an ECM license along with maintenance, therefore the launch of the ECM project requires a much lower initial financial outlay than in the case of the license model. This in turn helps lower the financial threshold for starting the project and accelerate taking strategic initiatives.
With the SaaS model, there is no risk that excessive IT costs will prevent the implementation of the application that could bring tangible benefits or savings for the business. What’s more — the capital expenditure can be shifted from IT investments to alternative, strictly business investments related to the optimization of the process supported by ECM.
In the SaaS model, there is no risk of over-investment either, as we do not buy spare computing power, space in arrays, licenses that are not used. A simple rule: pay as you go applies here, i.e. we pay only for what we actually use.
Software as a service changes the flow of IT spending, and this aspect can be particularly important in the situations where there is a need to collect and manage large amounts of data at a specific time using a professional ECM system. For example: a project for a customer, a merger of companies and fast and secure exchange of documents, the implementation of an application for a transitional period in anticipation of the rollout from the corporation.
Furthermore, in the SaaS model, there is no risk that at some point we will face the need to purchase a new technology, upgrade or extension of the license that will guarantee the continuity of the application operation. SaaS, by definition, transfers the risk of the application maintenance and security to the service provider, who should be obliged to deliver updates, fixes, security improvements etc. for a single predictable subscription fee.
SaaS at BCC Data Centers
In terms of technology, SNP ECM is entirely based on the infrastructure of Data Centers. Currently, we have two independent sites that guarantee multiplied systems of ensuring the security of customers’ data and systems. At SNP, we manage the IT infrastructure for SNP ECM in the SaaS model on our own, and thus the security of customers is also ensured from the organizational side by the presence of a single provider with a high performance potential and a proven infrastructure of the server room. We do not use subcontractors.
SNP Data Centers have implemented an integrated management system compliant with ISO 9001, ISO 27001 and ISO 20000, which is certified by independent organizations. Customers who entrust their applications and systems to SNP can be sure that the communication follows flexible and described procedures, it is supported by professional tools, and risk management is focused on the systematic improvement of the organization and minimization of risks.
Business security
When considering the SaaS model, much attention is paid to security. For the business user, the security of the ECM application in the SaaS model means primarily a business continuity (availability), performance (comfort of work), data security and fast data recovery in case of disaster, easy introduction of changes in the application (the possibility of configuring the applications by the business user) and ongoing support by IT specialists.
In the traditional model of software installation on the customer’s own IT infrastructure, the application security is the responsibility of the customer’s IT department. In the SaaS model, the responsibility is transferred to the provider of the ECM solution, and it is governed by SLA. Thereby, the risk associated with the maintenance of the application is moved outside the organization and properly accounted for.
From a technical point of view, the key security elements include the ECM software architecture, which ensures data encryption, a backup technology imperceptible to the user, a network and server infrastructure used in a data center, procedures for managing service requests, applied standards, methodologies, periodic penetration testing, i.e. controlled attempts to break into or overload the application. Other security elements include the documentation confirming the systematic checking and maintaining or increasing the level of security as well as effective and tested procedures and evidence of systematic and conscious risk management in the data center.
As regards the security, the choice of the SaaS model for the ECM application boils down to answering some basic questions: will the security of users of the ECM application be higher in the SaaS model or in the traditional model, based on the license for the software maintained internally? Are we prepared in terms of technology to provide and manage the IT infrastructure for the ECM application? Do the method and organization of the outsourcer’s work provide a sufficient level of security at an optimal cost? Do the SLA parameters ensured by the application provider meet our business needs?
Our experience shows that often the level of security for applications in the SaaS model compared to the level of security of the application maintained in the customer’s own server room is the same or higher. It is then recommended to pay attention to the relationship between risk and costs of both approaches and to take into account other benefits associated with each model.
Other benefits of the SaaS model
In the case of ECM solutions, the SaaS model brings many benefits, especially for smaller organizations, strategically focused on the outsourcing of IT competencies. No need to maintain non-business competencies, spreading fees over time, reduction of initial costs, and risk transfer significantly increase the agility of the organization considered to be the speed of response to changes in the environment, since in the SaaS, the ECM solution can be implemented faster and the emphasis may be put on the development and optimization of business, and not on investments in technologies.
The software as a service model can also be a compromise between the ongoing (urgent) needs of the organization and its current purchasing capacities, taking into account IT resources on the one hand and at the same time, a lot of pressure of the business to improve processes on the other.
It should be also noted that the SaaS model significantly simplifies maintenance and issue reporting procedures on the customer’s side, thus eliminating another source of costs and organizational difficulties in IT. The responsibility for the efficiency, performance and security of the application rests with the provider. In the case of the license model, the responsibility for maintenance is usually divided among individual user support lines, and the sphere of IT is almost always taken care of by the customer’s team of specialists. In the SaaS model, not only is there no need to maintain such a team, but also other costs related to the organization, documentation and management of service requests on the customer’s side are optimized.
Comparison of SaaS and license models for ECM
Software as a Service (SaaS) | License | |
Payment method | Monthly subscription without additional fees | One-time fee + annual maintenance, IT hardware, administration |
Financial threshold for starting the implementation project (capital expenditure) | Smaller than for a license | Bigger than for SaaS |
Management/influence on the costs of the organization | In running costs (OPEX) | Depreciation (CAPEX) |
Impact of the project costs on the cash flow of the organization | Stabilizes cash flows | Irregular cash flows |
Total cost of ownership (TCO) | Lower than in the case of a license | Higher than in the case of SaaS |
Software readiness to start implementation (duration of installation) | A few hours | A few days |
Organization of IT resources for the project — purchase of servers, licenses, installation | Unnecessary | On the customer’s side |
Management of IT infrastructure required for proper operation of ECM (networks, servers, disk arrays, virtualization) | On the side of SNP (SNP Data Centers) | On the customer’s side – I support line |
Maintaining and ensuring an update of the technical layer of SNP ECM (an operating system, a database, an application server, etc.) | On the side of SNP | On the customer’s side – I support line |
Creation of backup copies and disaster recovery | On the side of SNP | On the customer’s side |
Ensuring the security, performance, availability of the ECM application | Exclusive responsibility of SNP – based on SLA | Division of responsibility between the customer and SNP |
Management of IT risks for the ECM platform | On the side of SNP | On the customer’s side |
Maintenance (patches, updates, new versions) | As part of the subscription, imperceptible to the user | Paid additionally, it requires an upgrade to be planned together with the customer |
Involvement of the customer’s IT human resources in the ECM implementation project | Minimal | Significant |
Competencies on the customer’s side required for the project | Mainly business | Business and IT equally |
Adding external partners to the application/process/documents | Facilitated | Requires VPN |
The future of SaaS in Poland
Due to the continuous shortening of the life cycle of IT applications supporting business processes, organizations are looking for ways to optimize expenditures for technologies. The five-year payback period has long ceased to be acceptable, therefore more and more companies are looking for comprehensive, fully functional, safe, quickly available, preconfigured, and sometimes temporary solutions that minimize IT spending. With this direction and approach to IT, which is changing also in the face of the availability of cloud computing solutions, in our opinion, the SaaS model will be gaining in popularity. The added value that the organization generates thanks to ECM in the SaaS model is achieved additionally (i.e. apart from the benefits related to ECM) as a result of lower IT capital expenditure spread over time and correlated with current business needs. SaaS is also a great solution in the case of difficulties with finding sources of funding for the project.
There are quite a lot of ECM solutions on the Polish market which can operate in the SaaS model, but not all manufacturers of such software are at the same time the providers of IT services and a professional IT infrastructure managed by themselves. The use of subcontractors as providers of strictly IT components can be less secure and more difficult in organizational terms for the customer than putting the responsibility for the application in the hands of a single provider with the appropriate potential and signing an adequate SLA as a security measure. Therefore, the choice of the ECM application in the SaaS model is the optimal one when the manufacturer of the technology (application) provides also the IT infrastructure managed by themselves. Then the responsibility for the quality of the SaaS service is not dispersed, and any potential maintenance issues are centralized and are the responsibility of a single entity, which is accountable for the ECM service parameters.
Sometimes organizations assume that the system maintained outside generates a higher risk… without calculating that risk. However, it is advisable to consider whether internal IT resources guarantee a higher level of security at an optimal cost. Often, only the juxtaposition of these two elements — security and costs — weighs in favor of a particular solution.
The development of technology and the accompanying growing conviction of financial managers that outsourcing models are more effective make organizations more willing to use applications that are provided and managed by an external entity. Such an approach is justified not only by security, but also the rationalization of IT spending.
The SaaS model sometimes raises concerns of legal nature. It is worth noting that the current direction of lawmaking in Poland already takes outsourcing models into account, of course, while ensuring an adequate level of security and risk management.
The managers’ pressure to optimize IT costs that do not bring direct benefits to the business on the one hand and a constant need to optimize and improve key business processes on the other will, in our opinion, increase the interest in applications in the SaaS model. The SaaS model for ECM solutions is gaining supporters among the organizations that manage their IT themselves.