Risk & Compliance Management
-
- Set up and populate your SaaS stack
- Integrate your ERP & accounting software with Sastrify
- Tool Discovery via SSO (Single Sign-On) discovery integrations
- Admin Setup Guide: Sastrify for Chrome Browser Extension
- End User Guide: Add & activate Sastrify for Chrome Browser Extension
- Setup Guide: Sastrify for Microsoft Edge Browser Extension
- Set renewal dates & reminders
- Assign and modify tool owners
- Upload your SaaS documents into Sastrify
- Sastrify App Support: Assistance at your fingertip
- Sastrify's commitment to security and privacy standards
-
- Google Workspace SSO integration for subscription discovery
- Enhance organizational SaaS management with HRIS Integrations
- Summary tab for storing your subscription details
- Use discovered page to detect new subscriptions
- Tools and Spend Importer: Easily upload and visualize data in Sastrify
- Align vendor names using the Tool Matching feature
- Add Sastrify App to your Slack workspace
- Manually add a new subscription on the go
- How to bulk upload your invoices
- Forward your SaaS documents via email
- Change notification preferences
- A quick glance at your stack using the overview page
- Manage activities and collaborate using custom tasks
- Task Automation: Streamline the creation of routine tasks
- Sunset or delete inactive subscriptions
-
- Get expert procurement support for new purchases and renewals
- Create procurement support using Sastrify - Jira Integration
- Scope of service: Custom benchmarking & contract eview
- Scope of service: Negotiation & renewal support
- Scope of service: Custom SaaS Optimization Advisory
- Purchase your SaaS through the SastriMarket
- Control your cloud costs with SastriCloud
-
- Usage Analytics: Full visibility into usage and cost optimization
- How to integrate Pleo with Sastrify
- Spend Import: Validate and fine-tune your imported spend data
- How to connect Microsoft Dynamics 365
- How to connect Netsuite
- How to connect Quickbooks
- Export spend data from Candis to Sastrify
- Export spend data from Spendesk to Sastrify
- Export spend data from Pleo to Sastrify
- Export spend data from Moss to Sastrify
- Export spend data from DATEV to Sastrify
- Export spend data from Ramp to Sastrify
- Zoom usage integration guide
-
- Configure and manage your authentication settings
- Understanding user roles and permissions
- Microsoft SSO Login Configuration Guide
- Okta SSO Login Configuration Guide
- JumpCloud SSO Login Configuration Guide
- Cisco Duo SSO Login Configuration Guide
- OneLogin SSO Login Configuration Guide
- Having trouble logging in?
-
- ERP & Accounting Integration FAQs
- Discovery via SSO Integration FAQs
- Browser Extension FAQs
- HRIS Integration FAQs
- Usage Analytics FAQs
- Tools and Spend Importer FAQs
- Invoices FAQs
- Achieved & Potential Savings FAQs
- Form component guide for Sastrify form builder
- What is SaaS and Sastrify's scope of work?
- Who can invite a new user?
- Who receives the renewal alerts or reminders?
- How does Sastrify work with currencies?
- Is the spend data from accounting export always up-to-date?
- How to work with benchmark prices
- When and how to involve Sastrify in a contract evaluation or negotiation?
- How does Sastrify interact with SaaS vendors?
- How do you handle confidentiality clauses in vendor contracts?
- Does Sastrify handle SaaS contract termination?
- Why is contract data essential for benchmarking and negotiation support?
Detailed evaluation criteria for risk scores Print
Modified on: Mon, 24 Mar, 2025 at 3:06 PM
Shadow IT Radar enables IT and compliance teams to detect, assess, and manage shadow IT. With automated risk scoring, it provides actionable insights to reduce compliance risks, enhance security, and improve operations. For a detailed knowledge base on Shadow IT Radar, click here.
Using browser extensions, it identifies shadow IT assets and assigns risk scores through an AI agent that analyzes publicly available vendor and product information.
We categorize scores into three risk levels:
- Low Risk (0-35): Minimal risk with no significant threats to security or operations.
- Medium Risk (36-64): Moderate risk with potential issues that should be addressed.
- High Risk (65-100): Significant risk requiring immediate action to mitigate security and operational threats.
The total score is made up of 10 scoring criteria that represent the common factors that SaaS companies consider when conducting risk assessments. Please see below for detailed information on how Sastrify defines and scores each criterion.
Security Posture
Evaluation: Evaluate security practices and certifications.
Weight: 15
- 0: Holds recognized security certifications (e.g., ISO 27001, SOC 2) and employs robust security measures.
- 50: Implements basic security measures without formal certifications.
- 100: Lacks adequate security measures; no certifications.
Financial Stability
Evaluation: Examine financial health and sustainability.
Weight: 10
- 0: Strong financial health; profitable and stable.
- 25: Good financial health; growing revenue but not consistently profitable.
- 50: Moderate financial health; some concerns about sustainability.
- 100: Poor financial health; significant financial risks.
- Data Protection Compliance
Evaluation: Assess compliance with GDPR and other relevant data protection regulations.
Weight: 20
- 0: Fully compliant with all data protection regulations (e.g., GDPR, CCPA).
- 50: Partially compliant; some gaps in policies or implementation.
- 100: Non-compliant; significant violations or lack of policies.
Vendor Reputation and History
Evaluation: Assess market reputation and historical performance.
Weight: 10
- 0: Excellent reputation, strong market presence, and positive feedback.
- 25: Good reputation; mostly positive feedback but with some minor issues.
- 50: Mixed reputation; some negative feedback or incidents.
- 100: Poor reputation; unresolved issues or scandals.
Business Continuity and Disaster Recovery
Evaluation: Evaluate the robustness of continuity and recovery plans.
Weight: 10
- 0: Comprehensive, documented, and regularly tested plans.
- 50: Plans exist but are incomplete or infrequently tested.
- 100: No formal plans in place; unprepared for disruptions.
Regulatory Compliance
Evaluation: Check compliance with industry-specific regulations (e.g., HIPAA, PCI DSS).
Weight: 10
- 0: Fully compliant with all relevant industry regulations (e.g., HIPAA, PCI DSS).
- 50: Partially compliant; working towards full compliance.
- 100: Non-compliant; disregards industry regulations.
Operational Maturity
Evaluation: Assess the maturity of operational processes.
Weight: 5
- 0: Highly optimized processes (e.g., CMMI Level 5).
- 50: Defined, established processes with room for improvement.
- 100: Poor operational maturity; ad-hoc or chaotic processes.
Supply Chain Risks
Evaluation: Analyze risks associated with third-party dependencies.
Weight: 5
- 0: Strong control over suppliers and partners.
- 50: Some controls are in place, but gaps exist.
- 100: High risk; poor control over third-party dependencies.
Incident History
Evaluation: Review past security incidents and responses.
Weight: 10
- 0: No significant incidents; proactive risk management.
- 25: Minor incidents resolved effectively.
- 50: Major incidents that were resolved but impacted operations.
- 100: Unresolved or recurring incidents; poor incident management.
Support and Maintenance Capabilities
Evaluation: Evaluate the quality and reliability of support services.
Weight: 5
- 0: Excellent support; high customer satisfaction and responsiveness.
- 25: Good support; reliable but with occasional issues.
- 50: Adequate support; noticeable delays or limitations.
- 100: Poor support; frequent complaints or unavailability.
Did you find it helpful? Yes No
Send feedback