Overview of SaaS
What is SaaS?
Software as a Service (SaaS) is software delivered over the internet rather than installed and run on University systems.
A typical SaaS product:
- Is cloud-based and accessed through a web browser
- Is licensed via a subscription, often charged per user
- Is fully managed by the vendor, including maintenance, upgrades and security
- Hosts data outside the University, usually with a third-party cloud provider
- Provides shared infrastructure, but with security controls so each organisation only accesses its own data
Because SaaS stores and processes University data externally, all new SaaS requests must go through the Software Risk Assessment (SRA) before the service is purchased or used.
What is the Software Risk Assessment (SRA)?
The SRA ensures proposed software meets University's expectations for:
- Cybersecurity
- Data protection and privacy
- Legal and policy compliance
- Technical integration and support
The process:
- Protects systems, users and data
- Helps prevent unexpected costs or risks
- Ensures only approved, secure services are adopted
The SRA applies to all cloud-based software used by staff, students, or both. Each request is reviewed individually by Digital, Data & Technology (DDaT).
How to begin the SRA process
Review the Guidance for requesting Software as a Service (SaaS) before starting.
You cannot save the form mid-way, so please gather the information in advance.After you submit your request:
- It will be reviewed by DDaT
- You may be contacted if further information is needed
- You’ll be notified when the request is approved and can proceed
- It will be reviewed by DDaT
Support
If you need help or guidance with the SaaS request process, contact the IT Service Desk.