top of page

Procuring ECM: Have You Picked a Software Vendor?

We’ve written a few posts on how to select your Laserfiche Partner. But what if you are not in that stage of your ECM purchase? Perhaps you haven’t chosen the technology vendor yet. While we could go on about feature and functionality lists for days, Laserfiche has plenty of this content. We thought it would be equally valuable to examine if you want to (or should) do business with this ISV (Independent Software Vendor); here are some points to ponder if and when you find yourself in this situation.

  • When you mention to one of your software vendors that you are interested in ECM, they assert they have a module with that functionality. We hear this plenty. This approach can be problematic just because they’ve developed another business application (that you own); you shouldn’t necessarily buy ECM from the same developer. Just because an ISV created an application that manages your facilities doesn’t mean it can manage retention schedules and ensure you stay compliant with government/industry regulations, plus a whole host of other functionality. ECM should not be relegated to existing as a “module” for another system. Maybe 30 years ago, but not with what we know about information management today. That ECM module you are contemplating gets only enough resources and support dedicated to it to keep its baseline functional. And if there are problems, don’t expect them to jump on it because they are a facilities management developer and have to prioritize their product.

  • You are advised that Introducing a new application on your network will cause terrible things (hacks) to happen. Security vulnerabilities are, unfortunately, an issue that occurs with all software products, and Laserfiche provides fixes for any reported vulnerabilities. Our product undergoes annual 3rd party penetration/vulnerability testing for Laserfiche Cloud. It maintains a SOC 2 Type 2 certification, where our security controls are tested and audited annually by a 3rd party for security, availability, availability, and confidentiality. Laserfiche has a defined Software Development Life Cycle (SDLC) that is based on industry-leading practices and incorporates source code control, centralized defect tracking and requirements tracking, automated tests, automated builds, policies enforcing code review before check-in, and static code analysis.

  • You are told by the vendor that they have many happy customers- In a prior post, we discussed reference checking. The 411 is you need to speak to multiple references and ask for contacts in IT and the business unit. Additionally, the vendor should provide references who use the product like you plan to. Part of reference checking should also include asking for industry analyst reporting. While some analysts have been accused of being pay-for-play, the reports allow you to put vendor selection in context, the entire industry, and some key verticals.

  • The current vendor tells you integrations with other vendor products won’t work- Laserfiche was deliberately architected to integrate with other applications. If the facilities mentioned above management vendor tells you their app won’t integrate with Laserfiche—that was a business decision made by the company. Essentially, they are holding you hostage to keep you in their ecosystem and using their products. And while Apple has gotten away with it, it is not a customer-focused decision. I would think carefully about choosing their ECM module.



bottom of page