SaaS Definition

Software as a Service (SaaS) is a piece of software that is cloud-based and hosted by a vendor rather than requiring the University to install and host the service on premises. This can include subscription and portal services.

SaaS requests are taken through the Software Risk Assessment process (SRA). This process can take anything from a few weeks to several months to complete depending on how responsive the vendor is when working with LU colleagues, and the requestors' availability to answer follow-up questions.

The SRA process is to ensure that all software meets the Cyber Essentials security requirements and upholds the University’s IT and data standards.

If data (personal or sensitive) is going off campus, the chances are it will need to go through the SRA.

Below are examples of when it will NOT need to go through the SRA?

Individual

If an Individual is signing up for something, then this process is not aimed at them. The SRA is for groups of people using a new piece of software. Generally, this process is aimed at groups of ten-plus people. So, for instance, a few academics signing up to a subscription service to access some specific journals is not something that would go through the software risk assessment.

Registering an account

If you are not buying a software solution but instead are registering an account as a means to access something, for example using the ‘Enterprise’ website to hire a car, then this is not a software solution and does not need to go through the software risk assessment.