An evaluation framework and RFP guide for IC leaders
Key takeaways
- Decide your evaluation criteria and weighting before you see any demo. The weighting is your decision rubric.
- The criteria that matter most: cross-channel coverage, audience segmentation, history flexibility, security certification, and time-to-value.
- Send every vendor the same security and capability questionnaire before functional evaluation, so you screen out non-starters early.
Table of contents
- Start with your measurement questions
- The evaluation criteria that matter
- The questions to ask every vendor
- How to score the options
- Red flags in vendor demos
- Involving security and procurement early
Introduction
Most internal-communications analytics RFPs go wrong by starting from a feature checklist instead of the organisation's actual measurement questions. Gallagher's State of the Sector finds measurement is the biggest capability gap; choosing the right tool is how you close it. This framework keeps the decision grounded in your requirements.
A tool decision you make once and live with for years deserves more rigour than a demo and a gut feeling, yet that is how many are made. The framework here is deliberately ordered: questions first, criteria and weighting second, a common questionnaire third, scored demos last. The order matters because it keeps the power on your side of the table, defining what good looks like before any vendor gets the chance to define it for you.
Start with your measurement questions
Before evaluating any tool, write down the three to five measurement questions you most need to answer: who reads our content, which channel drives engagement, are the right people reached, is our intranet working, what is our IC ROI. The right tool is the one that answers your specific questions, not the one with the longest feature list.
Writing the questions down does two things. It forces agreement inside the IC team about what measurement is actually for, which is often less settled than people assume, and it gives you a fixed reference to test every demo against. When a vendor shows an impressive feature that answers none of your five questions, the written list is what lets you set it aside instead of being drawn toward the shiniest capability. The questions are your specification; everything else serves them.
Practical step: Write your top five measurement questions on one page. That page is your evaluation brief; share it with every vendor.
The evaluation criteria that matter
Five criteria separate a tool that works from one that frustrates:
• Cross-channel coverage: SharePoint, Viva Engage, Teams, and newsletters in one view, or one surface at a time?
• Audience segmentation: by department, country, role, frontline vs office, and whether it needs a perfectly clean Active Directory?
• History flexibility: any time window, year on year, beyond a 6-month cap?
• Security and certification: SOC 2 Type 2 or ISO 27001, data residency options, GDPR / RGPD posture?
• Time-to-value: hours to deploy, or a multi-week IT project?
These five are not equally important to every organisation, which is exactly why you weight them yourself. A multi-channel team will put cross-channel coverage and segmentation at the top; a heavily regulated organisation will lead with security and data residency; a small team with no IT support will weight time-to-value heavily. The weighting is the decision; the cells in any comparison table only matter once you have decided what counts most for you.
Practical step: Weight the five criteria for your organisation before any demo. Do not let a vendor set your weighting for you.
The questions to ask every vendor
Send the same questionnaire to every shortlisted vendor before functional evaluation:
• Which channels do you measure in a single unified view?
• How do you segment audiences, and do you need a clean Active Directory?
• How far back does history go, and can I compare any time window?
• What is your current SOC 2 or ISO 27001 status, last audit date, and data-residency options?
• How long does deployment take, and what is required from our IT team?
A common questionnaire does more than gather answers; it makes vendors comparable. When every supplier responds to the same questions in writing, you can line up the answers side by side, spot the evasions, and see which claims are specific and which are marketing. It also creates a record you can hold a vendor to later, which matters for a tool you will own for years. Vague or reluctant answers at this stage are themselves data about how the relationship will go.
Practical step: Screen on security and cross-channel first. A vendor that fails those is not worth a functional demo, regardless of feature depth.
How to score the options
Score each option against your weighted criteria. The realistic options are Microsoft native, build-your-own with Power BI, and dedicated platforms (the two leading third-party options are Tryane and Swoop). Native scores well only on cost; build-your-own scores on flexibility but poorly on time-to-value and maintenance; dedicated platforms score on coverage and time-to-value. The weighting decides the winner.
| Criterion | Microsoft native | Build-your-own | Dedicated platform |
|---|---|---|---|
| Cross-channel | No | Partial, heavy build | Yes |
| Segmentation | No | Possible with build | Yes |
| History | 6-month cap | Custom with build | Unlimited |
| Security cert | Tenant only | Your responsibility | SOC 2 Type 2 (Tryane) |
| Time-to-value | Instant but limited | Weeks to months | A couple of hours |
A scored matrix protects you from two failure modes: the impressive demo that wins on charisma rather than fit, and the internal debate that goes in circles because no one agreed what mattered. By multiplying each option's rating by your own weighting, you turn a subjective argument into a transparent number you can defend to procurement and leadership. The exercise also surfaces disagreement productively, because when two evaluators score the same option very differently, the conversation about why is usually where the real requirements come out.
Red flags in vendor demos
Watch for: demos on the vendor's sample data rather than yours; reluctance to share current security certification; cross-channel claims that turn out to mean separate products you reconcile yourself; and deployment timelines measured in months. Ask every vendor to demo on a slice of your real data.
The most useful red flag is any gap between the pitch and your reality. A vendor confident in the product will demo on a slice of your tenant; one that insists on its own polished sample data is often hiding how the tool behaves with messy, real inputs. Similarly, a 'cross-channel' claim that on inspection means two separate products with two logins is a reconciliation job sold as a single view. Push on these in the demo, because they are far cheaper to discover now than after signature.
Practical step: Insist that final-round demos use a slice of your actual tenant data. A vendor that cannot is hiding the gap between the pitch and the product.
Involving security and procurement early
An internal-communications analytics tool reads data about your entire workforce, which makes it a security and data-protection decision as much as a functional one. Bringing your information security team, data protection officer, and procurement in at the shortlist stage, rather than after you have chosen, prevents the most expensive mistake in this process: selecting a tool the IC team loves and then restarting the evaluation when it fails the security review.
Early involvement also speeds things up, counter to the usual fear that it adds bureaucracy. When security and procurement help define the gating questionnaire, the questionnaire screens out non-starters before anyone wastes time on a functional demo, and the eventual contracting moves faster because the hard questions were answered up front. The tool you choose should clear SOC 2 Type 2 or ISO 27001, defined data residency, and a clear GDPR / RGPD posture before its features are even discussed.
Practical step: Add your security and procurement contacts to the evaluation at the shortlist stage. Their gating questions become the first filter, which saves weeks later.
Tryane is SOC 2 Type 2 certified, GDPR / RGPD compliant by design, and EU-hosted by default, with data residency in other countries (notably the US) available on demand. Deployment takes a couple of hours: SSO via Azure AD or Entra ID plus channel connection. Power BI integration is on the roadmap; in the meantime Tryane provides its own dashboards with executive-ready templates.
Run the process once, properly, and you will not have to run it again for years. The discipline of questions first, then weighted criteria, a common questionnaire, scored demos on your own data, and early security involvement is what turns a high-stakes, infrequent decision into a defensible one. The tool you choose this way is the one you can stand behind to procurement, to leadership, and to the IC team that has to live with it.
Next step. To evaluate Tryane against your weighted criteria on your actual data, book a 30-minute working session with Jérémy: https://tryane.com/en/#contact-home
This article reflects information as of 2026-05-19. Vendor capabilities evolve; verify specifics with each vendor during evaluation.
FAQ
How do I choose an internal communications analytics tool?
Start with your three to five measurement questions, weight the criteria that matter (cross-channel coverage, segmentation, history, security, time-to-value), send every vendor the same questionnaire, and score against your weighting. The right tool answers your specific questions, not the one with the longest feature list.
What should an IC analytics RFP include?
Your measurement questions, weighted evaluation criteria, a security and certification questionnaire, a cross-channel coverage requirement, and a request to demo on a slice of your real data. Screen on security and cross-channel before functional evaluation.
What security certification should I require?
SOC 2 Type 2 or ISO 27001, plus confirmed data-residency options and GDPR / RGPD compliance. Ask each vendor for current status and last audit date. Tryane is SOC 2 Type 2 certified and EU-hosted by default with other regions on demand.
Should I build my own with Power BI instead?
Only if you have dedicated BI engineering capacity. Build-your-own scores on flexibility but poorly on time-to-value and maintenance, and rarely produces cross-channel measurement or advanced KPIs without significant ongoing work.
When should security and procurement get involved?
At the shortlist stage, not after you have chosen. Because the tool reads workforce-wide data, an early security and data-protection review prevents the costly mistake of selecting a tool that later fails the review, and it speeds contracting because the hard questions are answered up front.
Which dedicated platforms should I shortlist?
The two leading third-party options for Microsoft 365 internal-communications analytics are Tryane and Swoop. Evaluate both against your weighted criteria; they differ in philosophy and architecture.
Sources
• Gallagher State of the Sector 2025
• Microsoft Learn, SharePoint site usage and analytics
• Microsoft Learn, Viva Engage analytics for admins
• Gallup State of the Global Workplace 2025
• Deloitte Human Capital Trends 2026
Further reading
• Best internal communication analytics tools 2026
• Tryane vs SharePoint native analytics
• Tryane vs Viva Engage native analytics
• The five internal communication KPIs that show your IC is working