SaaS query
Review complete
Thank you for submitting your request. Based on your answers, your SaaS request is not required to go through the Software Risk Assessment process.
However, before you purchase or use the SaaS application, there are a couple of important things to be aware of, for which you are responsible.
Important requirements
User access
The software must support SSO and/or MFA to be used
All SaaS applications must support secure user sign-in (authentication) methods: Loughborough University Single Sign On (SSO) and/or Multi-factor authentication (MFA). This is a mandatory security measure to protect University systems and data.
If you have not already confirmed that MFA is supported, it is essential to do this now. Failure to do so jeopardises the University Cyber Essentials certification that underpins significant University research activities.
If MFA is not supported, you must not proceed.
Setting up MFA/SSO
Confirm MFA options with the supplier (vendor) and manage setup and ongoing support directly with them.
If SSO is supported by the supplier, please submit a request via the IT Service Desk for assistance with setting this up: it.services@lboro.ac.uk.
Personal and sensitive data
Complete a DPIA checklist
Before sharing any personal or sensitive data, you must assess the risks and put appropriate safeguards in place. A Data Protection Impact Assessment (DPIA) helps you identify and manage these risks.
Record keeping: The request falls outside of the Software Risk Assessment (SRA) process; therefore, maintaining DPIA records is the responsibility of the requester / Business Owner.
Process review: If completing the DPIA shows that the SRA process is required due to the type of data being stored, you must submit the request through that process, even if this wasn’t identified at the outset.
For more information and access to the DPIA checklist, visit the What is a DPIA page.