Risk & Compliance Management
-
- Set up and populate your SaaS stack
- Integrate your ERP & Accounting software with Sastrify
- Tool Discovery via SSO (Single Sign-On) discovery integrations
- Set Renewal Dates & Reminders
- Assign and modify Tool Owners
- Upload your SaaS documents into Sastrify
- Sastrify App Support: Assistance at your Fingertip
- Roll out Sastrify across your organization
- Sastrify's Commitment to Security and Privacy Standards
-
- Google Workspace SSO Integration for Tool Discovery
- Enhance organizational SaaS management with HRIS Integrations
- Summary Tab for storing your subscription details
- Use Discovered Page to detect active subscriptions
- Tools and Spend Importer: Easily upload and visualize data in Sastrify
- Align vendor names using the Tool Matching feature
- Add Sastrify App to your Slack workspace
- Manually add a new tool subscription
- Bulk upload of SaaS invoices
- Forward your SaaS documents via email
- Change notification preferences
- A quick glance at your stack using the Overview Page
- Manage activities and collaborate using custom tasks
- Task Automation: Streamline the creation of routine tasks
- Archive or delete inactive subscriptions
-
- Get Expert Procurement Support for New Purchases and Renewals
- Create and Manage Procurement Support using Sastrify - Jira Integration
- Scope of Service: Custom Benchmarking & Contract Review
- Scope of Service: Negotiation & Renewal Support
- Scope of Service: Custom SaaS Optimization Advisory
- Purchase your SaaS through the SastriMarket
- Control your cloud costs with SastriCloud
-
- Utilize Usage Analytics for full usage visibility
- Integrate Pleo with Sastrify
- Validate and fine-tune spend data with the Spend feature
- How to connect Microsoft Dynamics
- How to connect Netsuite
- How to connect Quickbooks
- Import spend data from Candis to Sastrify
- Import spend data from Spendesk to Sastrify
- Import spend data from Pleo to Sastrify
- Import spend data from Moss to Sastrify
- Import spend data from DATEV to Sastrify
- Zoom Usage Analytics Integration Guide
-
- ERP & Accounting Integration FAQs
- Discovery via SSO Integration FAQs
- HRIS Integration FAQs
- Usage Analytics FAQs
- Tools and Spend Importer FAQs
- Invoices FAQs
- Achieved & Potential Savings FAQs
- What is SaaS and Sastrify's scope of work?
- Who can invite a new user?
- Who receives the renewal alerts or reminders?
- How does Sastrify work with currencies?
- Is the spend data from accounting export always up-to-date?
- How to work with benchmark prices
- When and how to involve Sastrify in a contract evaluation or negotiation?
- How does Sastrify interact with SaaS vendors?
- How do you handle confidentiality clauses in vendor contracts?
- Does Sastrify handle SaaS contract termination?
- Why is contract data essential for benchmarking and negotiation support?
-
- Connecting your accounting software with Sastrify
- How to assign Tool Owners
- What Sastrify can do for Tool Owners
- How to set renewal dates
- How to set up a company-wide renewal reminder
- How to keep your tool stack updated
- How to set up, activate, and use a Workflow
- How to invite new users to Sastrify
- How to use Procurement Initiatives for new purchase & renewal
- How to collaborate using custom tasks
- Report issues and track procurement involvements
- Best Practices on how to work with Procurement Initiatives
- How to set up direct usage analytics integration
- How to set up SSO usage analytics integrations
- How to work with the Discovered tab
- How to use subscription tags
- Walk-through of the subscription detail page
Detailed Evaluation Criteria for Risk Scores Print
Modified on: Tue, 4 Feb, 2025 at 7:57 PM
Sastrify Radar empowers IT and compliance teams to uncover, assess, and manage shadow IT within their organization. Through automated risk scoring for identified tools, this feature offers actionable insights that facilitate well-informed decision-making to reduce compliance risks, strengthen security, and boost operational effectiveness.
For a more detailed knowledge base on Sastrify Radar, click here.
Using browser extensions and/or SSO discovery integrations, it finds shadow IT assets and automatically assigns risk scores, leveraging a built-in AI agent that analyzes publicly available information on vendors and products.
We categorize scores into three risk levels:
- Low Risk (0-35): Minimal risk with no significant threats to security or operations.
- Medium Risk (36-64): Moderate risk with potential issues that should be addressed.
- High Risk (65-100): Significant risk requiring immediate action to mitigate security and operational threats.
The total score is made up of 10 scoring criteria that represent the common factors that SaaS companies consider when conducting risk assessments. Please see below for detailed information on how Sastrify defines and scores each criterion.
Data Protection Compliance
Evaluation: Assess compliance with GDPR and other relevant data protection regulations.
Weight: 20
- 0: Fully compliant with all data protection regulations (e.g., GDPR, CCPA).
- 50: Partially compliant; some gaps in policies or implementation.
- 100: Non-compliant; significant violations or lack of policies.
Security Posture
Evaluation: Evaluate security practices and certifications.
Weight: 15
- 0: Holds recognized security certifications (e.g., ISO 27001, SOC 2) and employs robust security measures.
- 50: Implements basic security measures without formal certifications.
- 100: Lacks adequate security measures; no certifications.
Financial Stability
Evaluation: Examine financial health and sustainability.
Weight: 10
- 0: Strong financial health; profitable and stable.
- 25: Good financial health; growing revenue but not consistently profitable.
- 50: Moderate financial health; some concerns about sustainability.
- 100: Poor financial health; significant financial risks.
Vendor/Product Reputation and History
Evaluation: Assess market reputation and historical performance.
Weight: 10
- 0: Excellent reputation, strong market presence, and positive feedback.
- 25: Good reputation; mostly positive feedback but with some minor issues.
- 50: Mixed reputation; some negative feedback or incidents.
- 100: Poor reputation; unresolved issues or scandals.
Business Continuity and Disaster Recovery
Evaluation: Evaluate the robustness of continuity and recovery plans.
Weight: 10
- 0: Comprehensive, documented, and regularly tested plans.
- 50: Plans exist but are incomplete or infrequently tested.
- 100: No formal plans in place; unprepared for disruptions.
Regulatory Compliance (Industry-Specific)
Evaluation: Check compliance with industry-specific regulations (e.g., HIPAA, PCI DSS).
Weight: 10
- 0: Fully compliant with all relevant industry regulations (e.g., HIPAA, PCI DSS).
- 50: Partially compliant; working towards full compliance.
- 100: Non-compliant; disregards industry regulations.
Operational Maturity
Evaluation: Assess the maturity of operational processes.
Weight: 5
- 0: Highly optimized processes (e.g., CMMI Level 5).
- 50: Defined, established processes with room for improvement.
- 100: Poor operational maturity; ad-hoc or chaotic processes.
Supply Chain Risks
Evaluation: Analyze risks associated with third-party dependencies.
Weight: 5
- 0: Strong control over suppliers and partners.
- 50: Some controls are in place, but gaps exist.
- 100: High risk; poor control over third-party dependencies.
Incident History
Evaluation: Review past security incidents and responses.
Weight: 10
- 0: No significant incidents; proactive risk management.
- 25: Minor incidents resolved effectively.
- 50: Major incidents that were resolved but impacted operations.
- 100: Unresolved or recurring incidents; poor incident management.
Support and Maintenance Capabilities
Evaluation: Evaluate the quality and reliability of support services.
Weight: 5
- 0: Excellent support; high customer satisfaction and responsiveness.
- 25: Good support; reliable but with occasional issues.
- 50: Adequate support; noticeable delays or limitations.
- 100: Poor support; frequent complaints or unavailability.
Did you find it helpful? Yes No
Send feedback