Skip to Main Content
Skip to Navigation
Accessibility Statement
Home Cloud SaaS Procurement process Up to $75,000 procurement

SaaS procurement up to $75,000 in cost

Use this information to learn how to adopt a SaaS tool that has an estimated total contract value of up to $75,000. This 5-step process is mandatory for both paid and free options.

This iterative process can take anywhere from several months to a year, depending on various factors.

Last updated on

Step 1: Develop a use case and evaluation criteria

To begin the SaaS adoption process, you’ll need to clearly define your needs and requirements for a SaaS tool.

This process has 3 purposes:

  • To help you determine what kind of SaaS tool you need
  • To help your ministry’s privacy, security, legal and risk management team evaluate your chosen SaaS tool later in the process
  • To make sure your adoption process remains compliant and competitive

Connect with the people who will be using the tool

First, speak to the tool’s future user base. Make sure you’re all in agreement about the features and functionality required for a SaaS tool to effectively meet your needs.

Things to consider:

  • The need to integrate with your current software and systems 
  • The learning curve of the tool and if it matches the abilities of the people using it to day-to-day, or the time and capacity they can devote to training 
  • The tool has appropriate accessibility features for people using adaptive software or hardware
  • The requirement for external users, like a client group or program partners

Develop the use case

Your use case should outline how a SaaS tool would be used to solve a problem or achieve a goal. It shouldn’t be a recommendation of one particular SaaS tool. Your ministry’s Business Analyst may be able to help you with this step.

Address these questions in your use case:

  • Why do you want to use SaaS? 
  • How do you want to use SaaS?  
  • How does your need for SaaS connect with the mandate of your branch, division or ministry? 
  • What are the objectives and outcomes for the SaaS tool?
  • How will you measure the success of your objectives and outcomes? 
  • Who will benefit from the SaaS tool? 
  • Who will use the SaaS tool? How many users do you anticipate? 
  • What features and functionality do you need the SaaS tool to have? 
  • What types of information will you be using with the SaaS tool and what are their security classifications? How will this information be used? Your Ministry Information Security Officer (MISO) and Ministry Privacy Officer (MPO) can help you with this question. In general, Protected C data should not be stored, transmitted or shared in SaaS tools
  • Who will have access to the information stored in the SaaS tool?
  • Do you have a budget? How do the SaaS costs fit into your budget? 
  • What will happen to the data stored in the SaaS tool if you stop using the tool? 

Develop the evaluation criteria

Take a look at your use case and identify the requirements that you have outlined. These requirements will form the criteria that you will use to evaluate potential SaaS tools and vendors during your procurement process.

Your criteria might include: 

Cost. What type of pricing model are you looking for? What is your budget? 

Location of processed or hosted information. Is the SaaS tool hosted in Canada (including all data and associated backups)? Is the data ever routed out of Canada for processing? A privacy impact assessment (PIA) needs to be conducted before sensitive personal information can be hosted and processed outside of Canada

Access control. Which single sign-on (SSO) service will you use for users to login to the SaaS tool?

Configurability. Do you want the SaaS to support custom configurations? If so, do you control them or does the vendor? 

Encryption. How is the data secured (both in transit and at rest)? 

Exit strategy. If you stop using the SaaS tool, how will you retrieve B.C. government data? Are there any associated costs? 

Licensing. Are there any restrictions on the total number of user accounts you can have, or the number of users who can use the SaaS tool at the same time? How are new users added? How are accounts closed or transferred if someone moves to a new team or ministry? 

Privacy and security. What privacy and security certifications or features does the vendor provide with the SaaS tool? Have a look at the vendor’s terms of use and privacy policy. You’ll need this information to complete your privacy impact assessment (PIA) and security threat and risk assessment (STRA) in Step 4

You can also consider other criteria that is specific to your use case.

You may also contact your Ministry Procurement Specialist to help with the development of your evaluation criteria. 

Step 2: Research and estimate

In this step, you’ll look for potential SaaS tools that fit the business needs you identified in your use case and evaluation criteria. This will help you make informed decisions and secure approval from your ministry Expense Authority (EA).

To make sure any future procurement for your SaaS tool is fair, open and transparent, try to avoid discussing specific requirements, evaluation criteria or budget with vendors. Use this time to do general research. What SaaS tools are available in the market which might fit your needs? It’s also good to gather general information about costs to help form your estimates.

Explore and compare SaaS tools

Begin your research by using the SaaS directory or researching options online. Try to find at least 3 potential SaaS tools that could meet your needs.

Check for a Corporate Supply Arrangement

Now is the time to find out if there are any Corporate Supply Arrangements (CSA) managed by the Procurement Service Branch. You can use a CSA to acquire a SaaS tool that fits your use case.

If there’s a CSA available to you, you can make your purchase under the framework of that CSA. Contact your Ministry’s Procurement Specialist if you need additional information about how to use CSAs.

Check for a Multi-Use List

The Province might have a list of SaaS vendors who are pre-qualified. Using this list can expedite your procurement process. 

Contact your Ministry’s Procurement Specialist if you want to explore this option.

To adopt a SaaS tool, you’ll need to complete your own privacy impact assessment (PIA), security threat and risk assessment (STRA) and arrange for a legal review of your chosen vendor’s terms and conditions. We explain this process in detail in Step 4.

For now, check the SaaS directory to see if a PIA or STRA has already been prepared for any of the SaaS tools you’re interested in.

Existing PIAs and STRAs aren’t always transferrable to your own assessments, but they often provide useful information that you can use to speed up your own assessment process. You may need to complete a new PIA or STRA if your use case, the type of data which may be processed by the SaaS tool or the location where data will be stored represents a significant change from the use case in the existing PIA or STRA.  

Contact your Ministry Privacy Officer (MPO) or Ministry Information Security Officer (MISO) if you have any questions about finding or using existing assessments.

A note about using prior legal reviews

It’s important to remember that legal advice isn’t transferrable from one file to the next. The Legal Services Branch reviews each file for their own risks. Risks are assessed by legal counsel based on the particular circumstances of a client’s file like the use case, the type of Provincial data involved and the value and duration of a contract.  

If prior legal advice has been given on your SaaS vendor’s terms of use, you can provide it to Legal Services Branch as part of the background material they use when assessing the vendor’s current terms of use and their suitability for your purchase. Your Legal Services Branch counsel will also consult with colleagues to understand if there is any prior legal advice which may be relevant to their review.

Estimate costs

Research a variety of potential SaaS tools that may fit your use case to estimate and document how much it might cost to adopt any of these tools. Try to cost out at least 3 potential SaaS tools to prepare your estimate.

Plan for SaaS expenses accurately

Your estimated costs should represent the entire amount of time you expect to subscribe to a SaaS tool.

For example, if you want to use a SaaS tool for the next two years, the cost estimate should include the total price for the two-year subscription, along with any additional expenses for upgrades or add-ons.

Accurate cost estimates are important because:

  • The procurement process varies based on the expected expenses for a SaaS tool
  • Your ministry Expense Authority (EA) must approve your cost estimates before you can proceed with the SaaS adoption process

How to estimate costs

Contact SaaS vendors or do online research to find information about costs.

Consider:

  • How much is the subscription fee?
  • How long do you plan to have the subscription?
  • Do you plan to renew the subscription?
  • Are there any add-on features you need to pay for?
  • Do you need to pay more to add additional users to a subscription?
  • Do you think you may upgrade to a more expensive subscription?

Document your estimation process

Keep a record of your analysis to show what steps you took to find and estimate the costs for a variety of potential SaaS tools.

Get expense authority approval

After estimating your costs, reach out to your ministry’s Expense Authority (EA) to obtain approval for your budget.

Send them your estimates and the documentation you collected that shows the steps you took to find and estimate the costs.

Step 3: Conduct your procurement process

After you’ve received expense authority approval for your estimated costs, it’s time to conduct your procurement process to identify the SaaS tool you will purchase.

Collect quotes

You’ll now need to gather quotes for potential SaaS tools that meet your use case needs and evaluation criteria. You should attempt to obtain a minimum of 3 quotes.

Obtaining quotes can be done through vendor websites or by directly contacting vendors through phone or email.

Each quote should cover the total cost of the tool for the entire duration of your intended subscription. Make sure you mention specific services and functionality requirements in your request to receive an accurate quote. This can include details such as how many people require access and any extra features you want to incorporate into the subscription.

In many cases, the quotes you receive will closely resemble or match the estimates gathered in Step 2.

If collecting 3 quotes is not possible

In the case your best efforts do not lead to finding 3 quotes, you may need to use a non-competitive approach and issue a direct award.

In this case, it’s critical to have sufficient documentation to support the decision of why you have opted for a direct award. Record the reasons that prevented the collection of 3 quotes, including any failed attempts to obtain them from vendors.  

Direct awards are publicly disclosed, including contract details and the justification for the direct award. 

Step 4: Complete compliance assessments and legal review

Your chosen SaaS tool must now undergo mandatory compliance assessments and a legal review of the terms of use attached to the SaaS tool. To do this, you’ll work closely with your ministry’s privacy, security, legal and procurement specialists.

If your selected SaaS tool doesn’t pass the compliance assessments, or the risks identified in the vendor’s terms of use can’t be accepted by the Province and the vendor won’t agree to negotiate terms the Province can accept, you may not continue the adoption process with that tool. You’ll need to move on to the next highest scoring proponent.

Legal Services Branch must review your chosen SaaS tool’s terms of use to advise you on any risks to the Province set forth in the terms of use. You may need to negotiate new terms with the vendor that are more appropriate to the Province. 

Where this is not possible, some risks must be approved by Legal Services Branch or Risk Management Branch, while others will be considered business or financial risks, which you will escalate to your executive leadership for review and approval. 

Terms of use contracts

A “terms of use,” “terms and conditions” or “terms of service” contract is a legal agreement between the vendor and the Province as their customer. It may be:

  • In paper form
  • Presented to you in the form of a click-through which must be accepted before you may begin using the SaaS tool
  • Embedded in a link on the vendor’s website

Regardless of the form the terms are delivered in, it represents a contract between the vendor and the Province as their customer.

It defines: 

  • User rights and responsibilities 
  • Use of personal data 
  • Liability for damages 
  • Payment details 
  • Opt-out policies 
  • Security policies 

Most SaaS vendors will want you to follow their terms of use contract.

Ask Legal Services Branch to review the vendor’s terms of use and if required, help you negotiate terms that are acceptable to the Province. The vendor may require a certain level of spending before they are willing to open negotiations.

  1. Contact Legal Services Branch and schedule a meeting to discuss your chosen SaaS tool. Before the meeting, send them your use case, a link to your chosen SaaS tool, a link to the SaaS tool’s terms of use, if available, a copy of any PIA or STRA which may be complete or in progress and any previous legal advice on the SaaS tool which you may be able to locate
  2. Wait for Legal Services to review the material you have provided. They will probably need to ask you some questions to complete their review. You may need to reach out to other stakeholders or the vendor to help answer these questions
  3. Work with the Legal Services Branch to address any concerns with the SaaS tool’s terms of use

Ideally you’ll be able to adopt the SaaS tool you chose using the vendor’s terms of use without any modification. But if the terms are not appropriate, you may need to discuss the risks identified by Legal Services with your executive leadership, try to negotiate changes to terms or choose a different SaaS tool.

Risk management assessment

Most terms of use will require the Province to indemnify a vendor in certain circumstances. An indemnity is a promise of payment in the event of certain types of damage or loss. All indemnities must be approved by Risk Management Branch. If Legal Services believes further risk management assessment is required, they will tell you to contact the Risk Management Branch.

If certain risks are not approved by or acceptable to Risk Management Branch, you may need to choose a different SaaS tool with terms of use that are more acceptable.

Privacy assessment

Privacy Impact Assessment (PIA) is a step-by-step review process to make sure that any personal information collected, used, stored or shared through your chosen SaaS tool is protected as required by the Freedom of Information and Protection of Privacy Act (FOIPPA).

Completing a PIA involves working with privacy experts to identify, evaluate and manage privacy risks.

Privacy impact assessment process

Each ministry is responsible for completing their own PIA, either for a SaaS tool or for a specific use case (how they plan to use the SaaS tool).

For example, if Ministry A has completed a PIA on a SaaS tool and you are from Ministry B, you may need to do a PIA for Ministry B. How a SaaS tool is being used may also need to be assessed separately.

Contact your Ministry Privacy Officer (MPO) if you have questions about PIA requirements.

  1. Start by checking to see if a PIA has already been completed and is listed in the SaaS directory for your chosen SaaS tool. You may be able to use existing PIAs to help you complete your own PIA
  2. Start drafting your PIA in the Digital PIA application
  3. Contact your MPO and ask them to work with you to complete the PIA process. You may need to reach out to the SaaS vendor, your Ministry Information Security Officer (MISO) or other subject matter experts to answer questions in the PIA
  4. Once the PIA template is complete, your MPO will contact a privacy analyst from the Privacy, Compliance and Training (PCT) Branch to review and finalize the assessment
  5. After the Privacy, Compliance and Training Branch has completed their review of the PIA, it will be returned to you for ministry or program area signing. The individuals who provide these signatures vary by use case. Contact your MPO to determine who will be required to sign

Learn more about the PIA process.

Security assessment

You must complete a Security Threat and Risk Assessment (STRA) for your SaaS tool.

The outcome of the security assessment is a Statement of Acceptable Risk (SOAR) that identifies the potential security risks of the proposed tool and how those risks will be mitigated.  

Security assessment process

  1. Contact your Ministry Information Security Officer (MISO) and ask for a SOAR template.
  2. Work with your MISO to complete the template for your SaaS tool. Depending on the risks identified during this step, your MISO may also require the completion of a more comprehensive STRA
  3. Follow the instructions on the template for signing and submitting the completed SOAR

Learn more about the STRA and SOAR process.

Disclaimer: This is general guidance for all ministries. It’s advisable to consult the specialists from your ministry to understand what your process will entail.

Step 5: Purchase a license

Once your chosen SaaS tool has successfully passed the mandatory compliance assessments, the terms of use are reviewed by Legal Services Branch and any risks have been escalated and accepted by your executive leadership where necessary, you can begin the process of purchasing a license for the tool.

What licensing means

SaaS tools are licensed through the purchase of a subscription. What this means is that usually, to get a license to use a SaaS tool, you pay for a subscription that allows you to use the tool for a set period of time.

You are responsible for renewal. If a renewal clause was indicated in your original procurement documentation, you may renew the subscription. Renewals must be for a limited period of time. Keep in mind that many SaaS tools will renew your subscription automatically if this language can’t be negotiated out of the contract.

How to purchase a license

Follow the purchasing procedure used in your Ministry. Refer to the guidance for online purchases in the B.C. government’s Purchase Card Manual.

When licensing your SaaS tool, pay attention:

  • Which product tier or version you’re licensing
  • The billing cycle you choose (monthly, quarterly or yearly billing)
  • The number of user accounts you need

Complete the following steps before you create an account with the SaaS tool or make any payments to the SaaS vendor: 

  1. Document the evaluation process that led to the selection of the SaaS tool you’re adopting. Your documentation should follow the requirements outlined in the administrative records classification system, section 1070-20
  2. Complete the contract pre-approval process, in accordance with internal processes in your ministry or organization
  3. Collect authorized signatures on any applicable agreements. This might include a SaaS Master Services Agreement, Terms of Use agreement or any additional terms negotiated to meet B.C. Government requirements
  4. Make sure you have all the necessary agreements signed, in accordance with internal processes in your ministry or organization
  5. Send the signed copies of the agreements to your finance team so they can set up the contract in the Corporate Financial System (CFS)
  6. Your finance team will arrange for the SaaS tool to be licensed. They may contact you if they need more information

After you have your SaaS tool

After subscribing to your SaaS tool, it’s time to integrate it into workflows and systems.

Contribute to the SaaS Directory

Update the SaaS directory to include all relevant information about your adoption process.  

This information helps other B.C. public service teams learn more about the SaaS tool you’re using and helps them find and adopt their own SaaS.

This data also helps us identify opportunities for organization-wide agreements and better pricing with vendors.  

Establish ownership of the SaaS tool

When you add your information to the SaaS Directory, you must identify who is taking responsibility for managing the SaaS tool.  

The individual you identify should become familiar with using the tool and will be the main point of contact with the SaaS vendor. Their responsibilities may also include managing the SaaS contract, adding or removing users from the account and managing use of the tool. For larger SaaS adoptions (for example at a departmental or organizational scale), this role may be filled by a product owner. 

It may also be useful to identify someone who will lead training initiatives and help new team members get started with using the tool.

You may also need a developer to coordinate any integrations with existing infrastructure or to fulfill any minor development requirements for the SaaS. 

Create an implementation plan

Clearly set out a process to deliver the SaaS and provide training to users. 

You should identify: 

  • Which people or roles should adopt the SaaS 
  • Projects or work that should be done using the new SaaS 
  • The level of skill users should have to use the SaaS
  • What training is available to users 

For larger adoption projects, you may also want to identify which teams or departments will be implementing the SaaS solution first, if you are delivering the tool to users in phases.

Provide guidelines for appropriate use

Give the people who will be using the SaaS tool instructions on how it should be used.

This may include information about: 

  • Which activities or tasks can be done using the SaaS
  • Which types of data can be used or stored in the SaaS (based on the data’s information security classification or other criteria) 
  • Any features or functionality that can’t be used (for example, for security, privacy or legal reasons) 
  • How records and information will be organized within the SaaS

Encourage employee adoption

Introducing a new SaaS tool may be destabilizing for some users.

You can encourage and support employees as they adapt to the new SaaS tool by:

  • Embracing change management techniques and adult education principles
  • Explaining the reasons for choosing the new SaaS, its importance and why now is the best time to make the switch
  • Highlighting the benefits and functionality to show how it can help them in their work

Track SaaS adoption success

Tracking SaaS adoption will help you understand how the SaaS is being used and whether there are individuals who need more support.

Identify metrics that you can use to track how successfully the SaaS tool is being adopted.

Key metrics might include: 

  • How many users have adopted the SaaS 
  • How many training sessions have been delivered to users
  • How many technical issues were reported and how many were resolved
  • How has work or team morale been impacted by the SaaS 

Set deadlines for when you want to reach specific milestones in your metrics. Consider the short and long-term future of your SaaS solution.  

Encourage learning and discovery

Learning how to use a new SaaS tool takes time. Some people enjoy the process of learning how to use a new tool and they’ll be your early adopters. Others may be intimidated by the idea or may feel like they don’t have the time, energy or capacity to learn something new. 

Support users with their learning process by:

  • Helping them find their learning style and providing them with training resources that match it
  • Giving users time to explore the layout and functionality
  • Creating communication channels for users to ask questions and troubleshoot problems
  • Providing practice assignments that teach basic features and build user confidence
  • Leveraging vendor resources such as virtual demonstrations, training materials and support

Join the SaaS Community of Practice

The SaaS Community of Practice is a growing community of B.C government employees who are passionate about promoting SaaS adoption and compliance.

Being involved in this community offers the opportunity to ask questions, share knowledge and talk to other SaaS users about your experiences finding, procuring and implementing SaaS.

Future considerations

While it’s true that the vendor has likely tested the functionality of the solution, this does not necessarily mean that the solution will work perfectly for every organization using it. It’s important that your SaaS solution is quality assured by your team to verify that it meets your specific needs and requirements.

Monitor the SaaS tool’s performance and user experience to ensure its long-term success and effectiveness within your organization by:

  • Overseeing ongoing contract management to develop a clear understanding of what’s working and what isn’t
  • Reviewing the SaaS tool’s terms of use to determine if it still meets your business needs. In some cases, you may identify an opportunity to upgrade to a higher tier or Enterprise agreement. This option may require a new procurement
  • Reviewing the security, privacy and legal compliance assessments of your SaaS solution to ensure that the SaaS still meets the Province’s requirements
  • Gathering user feedback to understand how the tool is being used in day-to-day work and whether there are any issues that need to be addressed. Consider scheduling check-ins at the 2 week, 1 month and 3 month mark after implementation to maintain open communication and address any concerns

Help us improve this guidance

This content was designed based on research completed with public service employees and written in collaboration with subject matter experts.

If you have ideas for how we can make it better, or if you see information that needs to be added or corrected, email us.