Basis for decision-making

- Reading time: 4 minutes -

In companies/organizations/authorities, it is always the task of the “IT/EDP” department to create an overview of “secure” messengers, which then serves as an internal basis for decision-making. It is not advisable to create a new “Which messengers are available on the market” overview (there are hundreds of messengers!).
Instead, various overviews are recommended as a starting point and basis: >> here <<

Every company, authority or organization has its own requirements for its IT system, which is why a specification sheet is usually created as a basis for decision-making. This lists all points and criteria relevant to the decision.

Criteria and evaluation

As a suggestion for an overview of criteria, reference is made here to the overview of “freie-messenger.de”, which is sorted according to different areas. This may be used freely and changed/amended/adapted for your own purposes. In order to obtain a comprehensible decision that is then also accepted by all parties involved, the individual areas or criteria should first be weighted and then rated in a usefulness analysis. It is important that the bodies involved agree on a common approach and then evaluate the criteria accordingly.

In many comparisons, the criterion “security” is often window dressing by companies that want to sell their product and should therefore be precisely defined and differentiated from data protection when listing criteria. For example, general terms and conditions, collection of metadata, openness of source, server communication, encryption technology, identification codes, …

Secure end-to-end encryption is overrated - it is not the benchmark but merely a basic requirement that all current systems/messengers should be able to handle.

The network structure also plays a role when deciding which messenger to use. In addition to these underlying technical conditions, it is helpful to distinguish the communication rules (“protocols”) based on these from the application programs (“clients”) and to define your own requirements here too. Important questions that you may not think about at first may be: Should/must the protocol be verifiable, generally available, expandable? Is there a development model that also takes into account the handling of discovered errors (“bugs”)? …

Certain mandatory or knock-out criteria can also be specified in advance.

Possible criteria for awarding points are very individual:

  • 5-point system with neutral “center”:
    • 5=Very important / 4=Important / 3=Neutral / 2=Less important / 1=Insignificant
    • 5=Perfect / 4=good / 3=neutral / 2=bad / 1=poor
  • based on the school grading system: grade 1 = 6 points, …, grade 6 = 1 point
  • more finely granulated with 1 to 10 points or
  • only yes (1 point) and no (no point)

Example excerpt from a utility analysis/decision matrix: Screen copy / Example of utility analysis

Advantages

  • Decisions can be made transparently.
  • The decision-making process is available in writing and can also be retraced in the future.
  • The benefit analysis can be carried out well in a team and/or by different people and serve as a basis for discussion.

Disadvantages

  • The evaluation is quite subjective.
  • The determination of the weighting and the awarding of points are not precisely measurable processes.
  • The method quickly becomes time-consuming with a large number of alternatives and/or evaluation criteria.

Template

The table can be downloaded here as a basis for your own decision-making: