What is the review process followed by your company while choosing SaaS products? Does the security team do an audit of the product - if so, how do they evaluate the product?

736 views · 12 Upvotes · 2 Comments

Enterprise Architect in Finance (non-banking), 10,001+ employees
While it isn't always possible to do a pre-contract review, our security department does work closely with our procurement department to provide this analysis up front. Occasionally, though, SaaS services have been acquired outside of the standard procurement process.

But even post-contract we do regular reviews, based on three stages: a self-assessment by the vendor, a screening by our security team (we have a dedicated team for screening third parties), and of course independent validation by a proper auditing firm.

The screening we do is based on the publicly exposed information and infrastructure, as well as information provided by the SaaS vendor.

We currently see that as part of a vendor risk management process, which also has other areas in it (such as evaluating the financial maturity of the company, geographical and political risks, etc.).

Store Manager in Retail, 10,001+ employees
Audit the product,
Assess its security,
Vendor image in market, and
Industry certifications, if any.

In order to minimize the investment risk.
