Oct 1 2018
Managing SaaS Part 5 – Comply With Regulations And Certifications
Alpin is now CoreSaaS.
Managing SaaS Part 1 – with links to all other parts.
The hardest part about working in compliance? People. People create challenges for compliance professionals. Yet, we need the cooperation of others to achieve organizational compliance.
Some of the best compliance people I have worked with treated compliance as a team goal. Their role was to help, educate, and guide others. SaaS management, at a minimum, can give you the visibility to know who to help and how urgently.
And more importantly, there are now some SaaS management tools that highlight vendor compliance status, and even help automate some compliance tasks.
Why Does SaaS Compliance Matter?
Having worked with some outstanding compliance professionals in the past, I know this likely goes without saying: whether data is stored on your server or someone else’s server, your company is ultimately responsible for safeguarding the data.
Since vendors operate many of those servers holding your data, vendor compliance is your responsibility as the data owner.
And it’s not going to go well if you say you didn’t know. Ignorance of shadow SaaS vendors, in the event of a breach or audit, does not get you out of this responsibility.
Want to get jump-started on finding shadow SaaS so you know what to evaluate for compliance? Contact us for a 10-minute demo. You’ll see how Alpin can work for you.
How Does Alpin Help With Compliance?
Alpin starts by discovering previously hidden applications and presenting a list of every SaaS vendor being used. Then, most compliance people want to do two things: assess and report on those vendors. A few SaaS management tools, including Alpin, help you:
- View vendor compliance status with GDPR, ISO, Privacy Shield, SOC, etc.
- Send your own assessment forms to vendors.
- Calculate vendor scores on assessments automatically.
Imagine you are a hacker. Does it make more sense to conduct phishing and social engineering on a single company’s core systems? Or target cloud software used by – but not actively monitored by – many companies?
Combined with custom tagging and a reporting center, it becomes possible to very quickly organize, categorize, and report on vendors en masse.
You may also be interested in security features like those we covered in our last post.
Details On Complying
View vendor compliance status with GDPR, ISO, Privacy Shield, SOC, etc.
Imagine this scenario: “Does that vendor have SOC 2 compliance? It’s not posted on their website… nothing posted online…” Ever been there? Instead of calling or emailing them, you could check Alpin. We collect information on vendor compliance status, and you can search for it right inside the Alpin app.
Send your own assessment forms to vendors
More than likely, you’ve sent out dozens if not hundreds of evaluation questionnaires or assessments to prospective vendors. You may have a nice system for tracking and organizing these.
However, with the reveal of SaaS vendors, there could be hundreds or thousands more to cover. With Alpin, you can send and receive vendor assessments from one dashboard. The results will remain in the Alpin profile for each vendor, with all data in one place so it can be seen by you, auditors, or anyone else you share it with.
Calculate vendor scores on assessments automatically
Do your vendor assessments include a score calculation? You may have set up an Excel file to do this for you, but it’s not perfect. Alpin can calculate scores from the assessments you send and receive, helping you quickly scan vendor scores to see who is OK and who needs follow-up. No more spreadsheets or other ad-hoc solutions!