What To Consider
Do you want to introduce an employee app in your company? Good choice! There are, however, some criteria that not every decision maker is aware of at the outset. To provide clarity, we name the key factors to consider when choosing an employee app.
1. Your Company’s Password Policy
Security against external access is of central importance for every digital tool used in a company. Most digital tools authenticate users with a username and a user-specific password.
For an employee app to be cleared by IT security and put into use, the company's password guidelines must be applied to app access. A good employee app should make these settings easy to configure via the content management system.
It is even better if the application supports single sign-on through a federated login protocol such as SAML or an OAuth-based one. Users can then simply log in with their company account. Access is also easy to manage when employees leave the company: if the company account is deactivated, access to the app is automatically revoked.
2. IT Security Requirements
Every piece of software used in a company needs to be examined by IT security. This examination usually takes the form of a company-specific questionnaire covering data security and data privacy, and its answers result in a classification of the application.
Depending on the data used, there are usually different classifications and correspondingly different requirements. Without clearance by IT security, the employee app will not go live, so close coordination is essential.
When choosing an employee app, make sure that the provider answers the questions of your IT security colleagues as transparently as possible and that a common solution for possible weaknesses can be found.
3. Application Area Flexibility
Many applications are very rigidly focused on one area of application and allow little flexibility in terms of design as well as the range of their functions.
With your employee app, you should make sure that you can administer and customize as much as possible yourself using the provided CMS. With a flexible design, many functions can be used for different subareas. For example, a social feed for users' posts can be used to display impressions and also for Q&A calls. It is also frequently used as a chat function for specific groups and teams, or as a discussion wall for current topics.
For such different areas of application, it is important to adapt the wording so that all users know the purpose of the respective feature. This flexibility applies to the individual functions as well as to the entire application. Introduced as an onboarding app, it can also be used as a trainee or team app, for example, thanks to its flexible design. This way, the synergies of a SaaS solution can be fully exploited.
4. Server Location In Europe
With modern software, such as mobile apps, there is no way around the cloud to create a high-performance application. Cloud solutions guarantee the scalability of the application and the use of current technologies. The market of cloud providers, in turn, is dominated by North American products such as AWS, Google Cloud or Microsoft Azure, which has many data security specialists worried.
However, this does not necessarily mean that the requirements of the GDPR cannot be met. It must be ensured that the respective data center is located in Europe and that processing also takes place exclusively at European locations. Combined with an app provider that also comes from Germany or Europe, hosting that complies with data protection requirements can be achieved. Of particular importance, however, is that the app developer itself is located in Germany and that development is not outsourced in a way that allows data to be stored and processed outside the European Economic Area.
5. GDPR Compliance
The question of conformity should already be answered for providers as a matter of course. However, the legal view of the GDPR also differs considerably within Europe. And even if you are considering a licensed solution from the Anglo-Saxon area, it should be checked whether and how the requirements of the GDPR, such as data portability or the right to erasure, have been implemented.
It is advisable to request an order processing contract (data processing agreement) early in the qualification of service providers and to initiate an exchange between the data protection officers of your company and the service provider. Professional service providers will send you a corresponding document that covers, in addition to the legal provisions, the technical and organizational measures, authorized personnel, authorized sub-service providers and the contact data of the data protection officer. The exchange between the data protection officers usually helps to identify and eliminate possible obstacles at an early stage.
6. "Do-it-yourself" Content Management System
Usually the end user only experiences the surface of the application, where usability and functions play a major role. However, the real engine lies below, namely the content management system. Administrators depend on an intuitive CMS, which in turn makes the daily work easier. Structure and usability play a central role in this. Therefore, a clear focus should be placed on a well-structured, easy-to-use and helpful content management system.
A good content management system can be recognized by its clearly defined structure. Content can be integrated via "copy & paste" and functions can be easily activated and deactivated. Content management systems in which content is managed via program-specific commands, however, should be treated with caution. These systems usually require a very high training effort later on.
7. Works Council Approval And Involvement
The works council will claim its legitimate right to have a say in the implementation process. According to the Works Constitution Act, the works council has at least a right to information, up to the right of co-determination, depending on how and to what extent a digital solution will be implemented. If necessary, it may even use a veto if it has the impression that it is being overlooked.
It is therefore necessary to involve the works council as early as the conception and planning phase. Questions about the area of application, the functions and technical possibilities will help you to choose an appropriate application and at the same time bring the works council on board.
The focus should stay on the possibilities offered to the employees and how the flow of information and communication can be optimized. The works council can also be enabled to publish news and information to the employees via the app itself.
8. Continuous Development
Where and how does the actual development of the application take place? Does it take place in Europe, Asia or the USA? Does the provider rely on their own development or on near- and offshoring? Is the application developed in-house or licensed? These are the questions you should ask your potential providers.
Especially in the case of licensed applications, there is no contact with the actual developer and therefore no possibility to ask for special adaptations and further development of the application. This may not have a great influence during the introduction of the application. In the course of long-term cooperation and implementation, however, it usually becomes an obstacle to expanding the application and adapting it to specific company processes.
If you follow these instructions, there is nothing to stop you from launching a successful employee app. Being a provider ourselves in this area, we can guarantee to take these criteria into account.