Byte-sized guide to successfully procuring IT systems
Navigating the complexities of IT procurement can be daunting, but with careful planning, you can avoid costly mistakes. This guide offers practical steps to help organisations make informed decisions, ensuring long-term success and seamless integration.
Procuring a new IT system can be a transformative step for your organisation, but it can be a daunting exercise and comes with significant financial and reputational risks plus long-term legal commitments. It can lock you into a system that may not be fit for purpose, but is then not easily migrated to another provider. The early stages of your project are crucial for setting the tone, avoiding problems that will echo through the project and ensuring lasting success. Below, you’ll find some byte-sized top tips to help you navigate the journey with confidence.
Start with robust due diligence
When reviewing IT providers, you’ll often see impressive credentials highlighted, such as ISO certifications or robust data protection and security features. However, it’s essential to ensure that these claims are properly verified during your due diligence and, crucially, make it beyond the sales brochures and into your contract as clear obligations, warranties, detailed service levels and specifications. Coordination between those carrying out due diligence and those negotiating the contract is vital. This helps prevent important details—like safeguarding donor data or ensuring Gift Aid reporting functionality—from slipping through the cracks. For example, if a provider claims their system will support full UK GDPR compliance for donor personal data, make sure this is a contractual warranty, not just an empty marketing promise.
Visualise the system and plan for integration
It’s helpful to request a clear, summary architecture diagram or blueprint of the system being procured, including an overview of the Tech stack, particularly if it needs to integrate with your existing platforms or third-party products. Visuals like these can help everyone involved, not just technical staff —from project champion trustees to project managers—understand how the new system will work within your charity’s technical environment and as part of an overarching organisational structure or contractual framework. For example, a diagram showing how a new CRM will link to your online donation platform and third party accounting software can help you spot potential integration or API challenges early on, and act as an aide for discussions around responsibility of development, security and maintenance of different parts of the system.
Test early, test thoroughly
Testing should take place as early and as thoroughly as possible. This helps identify issues before they become embedded in your charity’s processes. If you’re working with multiple suppliers, such as with a developer, CRM provider and also a separate events management tool supplier, require joint testing in a sandbox environment to check integration, data flows and different approaches and timings to integration protocols. For example, testing the system’s ability to handle a surge in online donations during a major campaign can help avoid costly crashes when it matters most.
AI Systems: understand the added complexity
If you are considering systems that include artificial intelligence (AI), be aware that these can introduce added complexity and risk. AI solutions often involve novel intellectual property rights, contractual and compliance questions and challenges. It’s vital to understand what kind of AI model is being used and what use cases may increase compliance risks, for example if planning to use an overseas hosted LLM to process sensitive medical personal data. Make sure you undertake AI-specific due diligence, some of which may be novel and quite different to DD conducted on more conventional software solutions. Assess how the AI operates, including issues around data protection, using confidential customer data to train its model, bias, transparency, and explainability. Make sure you are also clear on who owns any new intellectual property created by the AI, how decisions made by the system can be audited and understood, and whether the provider’s compliance approach aligns with your charity’s sustainability, regulatory and ethical policies and standards.
Get to know your support team and review contracts early
Getting to know the provider’s technical team is key to your project’s success and effective team collaboration. Ask to meet them early, understand their experience, culture and clarify who will support you during and after implementation. Good working relationships between your charity’s staff and the provider’s team can resolve issues quickly and avoid escalation.
It’s also important to review the contractual documents as early as possible, rather than waiting until the end. Make sure the terms are up to date, complete, fit for the solution's purposes and tailored to your charity’s needs. If documents, schedules and policies are missing, inconsistent or out of date, ask the provider to clarify, complete or update them at their own cost and time.
Taking the time to get these early steps right will save time, money, and hassle in the long run.
As the old saying goes - “Well begun is half done.”