SaaS request support
Question guide
Important: The SaaS request form cannot be saved partway through, so please ensure you have prepared your responses in advance by following the question guide below.
We’ve highlighted sections where we recommend gathering the required information before starting the form.
Software details
What is the primary function of the software?
Question
What does this software do?
What is the primary function of the software?
Examples
- A project management and task-tracking platform used to plan work, assign tasks, monitor progress, share updates, and collaborate across teams in real time.
- A customer relationship management (CRM) system used to securely store and manage contact information, track interactions, generate reports, and support service delivery or stakeholder engagement.
If there is an online demo/promotional video of the software, please provide the link.
Question
Software supplier contact details
Please provide the name and email address of your contact person at the supplier.
What are the software costs?
Question
What is the approximate cost of the software?
Please provide details on the following:
- Are license costs per user? If so, how much per user?
- Does the solution require a long-term financial commitment, such as minimum contract terms or automatic renewal periods?
Is there an enterprise (site-wide) license that allows anyone in the University to use the software? If so, how much does that cost as an alternative?
If the costs exceed statutory thresholds for conducting a tender process, you will be referred to the Procurement team.
User access
What secure sign‑in options does the supplier provide?
Question
Does the software supplier support the secure sign-in options MFA and/or SSO?
All SaaS applications must support secure user sign-in (authentication) methods: Loughborough University Single Sign On (SSO) and/or Multi-factor authentication (MFA).
This is a mandatory requirement to protect University systems and data. Your risk assessment cannot be completed without this information.
Question
What type of authentication platform (MFA/SSO) does the software supplier use?
For example, Duo Security, Microsoft or Google Authenticator for MFA, or Microsoft Entra ID for SSO.
Question
What is the login URL for the application?
Please provide the login URL (the web address you use to access and sign in to the application).
It’s the page where you enter your username and password.
Who has access to the software
Question
Who will be interacting with the system?
This question is to identify the user groups who will be using the system.
For example: Student (UG/PGT), Staff, Doctoral Researcher, etc.
Note: Please select an option from the list provided in the form.
Question
Approx. number of users accessing the system?
Select one of two options: less than 50 users or more than 50 users.
Question
How many system administrator accounts will you need?
To support the initial setup and ongoing management of the software, how many administrator accounts will you need?
Administrator accounts are assigned to individuals responsible for activities such as:
- Adding or removing user accounts
- Reviewing or analysing user data
- Generating management or operational reports, etc.
Types of data
What type of personal data will the software solution require access to?
Question
What type of personal data will the software solution require access to?
Personal data is any information that can identify a person, directly or indirectly.
To help understand how data is used, which personal details will this software access?
Examples include:
- Name
- Personal email
- Lboro email address
- Personal or work telephone
- Mobile number
- Home address
- Account information, etc.
Note: Please select an option from the list provided in the form.
Which categories of sensitive data will the software need access to?
Question
What type of sensitive personal data will the software solution require access to?
Sensitive data (called Special Category Data in GDPR) is a more protected, high‑risk type of personal data. It reveals deeply private, vulnerable, or potentially discriminatory information.
This type of data has extra legal safeguards, requires stronger justification, and usually explicit consent before processing.
Examples include:
- Health or medical information
- Biometric data (face scan, fingerprints)
- Genetic data
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade‑union membership
- Sexual orientation or sex life
Note: Please select an option from the list provided in the form.
Where will the data be stored?
Question
Where will the software supplier store the data for this system? In the UK? EU? Other?
This helps us understand where the software supplier stores data and whether it is kept within the UK or EU, or transferred internationally.
Most software suppliers have information about their data policies, storage, management and security on their websites.
Your risk assessment cannot be completed without this information.