Insights & Risk Monitoring
-
- Integrating HRIS to Enrich Identities & Insights
- Admin Guide: Deploying the Sastrify Chrome Extension
- Admin Guide: Deploying the Sastrify Microsoft Edge Extension
- Manual Installation Guide: Sastrify Chrome Browser Extension
- Manual Installation Guide: Sastrify Edge Browser Extension
- Setting renewal dates & reminders
- Assigning & Modifying Tool Owners
- Uploading & Managing Your SaaS Documents in Sastrify
- Sastrify App Support: Get Help & Give Feedback
- Sastrify's commitment to security and privacy standards
-
- Capturing Subscription Details with Contract AI
- Adding a New Subscription Manually
- Slack Integration: Bringing Sastrify into Your Internal Communication
- How to bulk upload your invoices
- Automating Document Uploads via Email Forwarding
- Managing Your Notification Preferences
- Tools and Spend Importer: Bulk Upload & Visualization
- Align vendor names using the Tool Matching feature
- Sunset or delete inactive subscriptions
-
- Workflows: Automate procurement processes with consistency
- Requests: Streamline procurement process and internal approval
- Get expert procurement support for new purchases and renewals
- How to submit and track Procurement Requests via Jira Integration
- Scope of service: Custom benchmarking & contract review
- Scope of service: Negotiation & renewal support
- Scope of service: Custom SaaS Optimization Advisory
- Purchase your SaaS through the SastriMarket
-
- Connecting Your ERP & Accounting Software
- Spend Import: Validate and fine-tune your imported spend data
- How to connect Workday ERP
- How to connect Microsoft Dynamics 365
- How to connect NetSuite
- How to connect Quickbooks
- How to integrate Pleo with Sastrify
- Export spend data from Candis to Sastrify
- Export spend data from Spendesk to Sastrify
- Export spend data from Pleo to Sastrify
- Export spend data from Moss to Sastrify
- Export spend data from DATEV to Sastrify
- Export spend data from Ramp to Sastrify
-
- Configure and manage your authentication settings
- Understanding user roles and permissions
- Configuring Microsoft SSO Authentication for Sastrify
- Configuring Okta SSO Authentication for Sastrify
- Configuring JumpCloud SSO Authentication for Sastrify
- Configuring Cisco Duo SSO Authentication for Sastrify
- Configuring OneLogin SSO Authentication for Sastrify
- Configuring Cloudflare SSO Authentication for Sastrify
- Having trouble logging in?
-
- ERP & Accounting Integration FAQs
- SSO / IDP Discovery Integration FAQs
- Browser Extension FAQs
- HRIS Integration FAQs
- Usage Analytics FAQs
- Contract AI & Subscription Details FAQs
- Tools and Spend Importer FAQs
- Invoices FAQs
- Achieved Savings FAQs
- Form component guide for Sastrify form builder
- What is SaaS and Sastrify's scope of work?
- Who can invite a new user?
- Who receives the renewal alerts or reminders?
- How does Sastrify work with currencies?
- Is the spend data from accounting export always up-to-date?
- How to work with benchmark prices
- When and how to involve Sastrify in a contract evaluation or negotiation?
- How does Sastrify interact with SaaS vendors?
- How do you handle confidentiality clauses in vendor contracts?
- Why is contract data essential for benchmarking and negotiation support?
AI-Powered Risk Scoring: How Shadow IT Radar Evaluates Assets Print
Modified on: Fri, 13 Feb, 2026 at 11:40 AM
Detecting an unauthorized asset is only the first step. To help you prioritize your response, Sastrify’s Shadow IT Radar uses a specialized AI agent to research and score the risk level of every asset discovered via your Identity Provider (IdP) and browser extensions.
Instead of performing manual security reviews for every small asset, our AI automatically gathers publicly available data to provide a baseline security posture for thousands of SaaS publishers and products.
For a detailed knowledge base on Shadow IT Radar, click here.
Understanding the Risk Levels
Every discovered asset is assigned a numerical score from 0 to 100. A higher score indicates a higher risk profile.
- Low Risk (0-35): Minimal risk with no significant threats to security or operations.
- Medium Risk (36-64): Moderate risk with potential issues that should be reviewed and addressed.
- High Risk (65-100): Significant risk requiring immediate action to mitigate security or operational threats.
Pro-Tip: Actionable Defense
Don’t feel overwhelmed by the total number of assets. Use the Filter tool in the Shadow IT Radar to view assets from high to low risk. Click the arrow next to a specific asset to see a detailed breakdown of which of the 10 criteria contributed to its risk rating.
The 10 Scoring Criteria
Sastrify’s AI evaluates vendors across ten distinct categories. Each category is weighted based on its impact on enterprise security and compliance, as well as the common factors that SaaS companies consider when conducting risk assessments.
Security Posture
Evaluation: Evaluate security practices and certifications.
Weight: 15
- 0: Holds recognized security certifications (e.g., ISO 27001, SOC 2) and employs robust security measures.
- 50: Implements basic security measures without formal certifications.
- 100: Lacks adequate security measures; no certifications.
Financial Stability
Evaluation: Examine financial health and sustainability.
Weight: 10
- 0: Strong financial health; profitable and stable.
- 25: Good financial health; growing revenue but not consistently profitable.
- 50: Moderate financial health; some concerns about sustainability.
- 100: Poor financial health; significant financial risks.
- Data Protection Compliance
Evaluation: Assess compliance with GDPR and other relevant data protection regulations.
Weight: 20
- 0: Fully compliant with all data protection regulations (e.g., GDPR, CCPA).
- 50: Partially compliant; some gaps in policies or implementation.
- 100: Non-compliant; significant violations or lack of policies.
Vendor Reputation and History
Evaluation: Assess market reputation and historical performance.
Weight: 10
- 0: Excellent reputation, strong market presence, and positive feedback.
- 25: Good reputation; mostly positive feedback but with some minor issues.
- 50: Mixed reputation; some negative feedback or incidents.
- 100: Poor reputation; unresolved issues or scandals.
Business Continuity and Disaster Recovery
Evaluation: Evaluate the robustness of continuity and recovery plans.
Weight: 10
- 0: Comprehensive, documented, and regularly tested plans.
- 50: Plans exist but are incomplete or infrequently tested.
- 100: No formal plans in place; unprepared for disruptions.
Regulatory Compliance
Evaluation: Check compliance with industry-specific regulations (e.g., HIPAA, PCI DSS).
Weight: 10
- 0: Fully compliant with all relevant industry regulations (e.g., HIPAA, PCI DSS).
- 50: Partially compliant; working towards full compliance.
- 100: Non-compliant; disregards industry regulations.
Operational Maturity
Evaluation: Assess the maturity of operational processes.
Weight: 5
- 0: Highly optimized processes (e.g., CMMI Level 5).
- 50: Defined, established processes with room for improvement.
- 100: Poor operational maturity; ad hoc or chaotic processes.
Supply Chain Risks
Evaluation: Analyze risks associated with third-party dependencies.
Weight: 5
- 0: Strong control over suppliers and partners.
- 50: Some controls are in place, but gaps exist.
- 100: High risk; poor control over third-party dependencies.
Incident History
Evaluation: Review past security incidents and responses.
Weight: 10
- 0: No significant incidents; proactive risk management.
- 25: Minor incidents resolved effectively.
- 50: Major incidents that were resolved but impacted operations.
- 100: Unresolved or recurring incidents; poor incident management.
Support and Maintenance Capabilities
Evaluation: Evaluate the quality and reliability of support services.
Weight: 5
- 0: Excellent support; high customer satisfaction and responsiveness.
- 25: Good support; reliable but with occasional issues.
- 50: Adequate support; noticeable delays or limitations.
- 100: Poor support; frequent complaints or unavailability.
Did you find it helpful? Yes No
Send feedback