SaaS - 3 key steps
1. Review Business processes
Do you require a review of your business processes?
Review your business case ensuring it is robust enough to justify the University providing another software solution.
- Before you opt for a new software solution, please review your business processes. If you need help and advice, the Change Team provides a ‘Guide on the Side’ service.
- Consider all potential stakeholders involved in the process under review and ensure they are kept informed. For example, Academic Registry for student-related processes, HR for staff, etc.
2. User access
Should the software use SSO or MFA?
As a general rule, if it needs a login, it needs Single Sign On (SSO)/Multi-Factor Authentication (MFA).
Please check with the vendor if they support Multi-Factor Authentication and/or Single Sign On as a method of authenticating user access to the software.
If the vendor does not support Single Sign On (SSO) or provide Multi-Factor Authentication (MFA), AND we are sharing LU data directly with the vendor, then we would not be able to use this software. Alternative solutions will need to be considered.
Depending on the type of authentication offered by the vendor, this will be implemented during Stage 5 of the Software Risk Assessment process, the Implementation stage.
Question to ask vendor:
- We require SP-initiated SAML v2 single sign-on using a SHA256 2048-bit (minimum) certificate, and any data we return will be encrypted using your certificate. Please confirm you can support this.
3. Purchasing a SaaS
Guidance
Ensure you have budget approval for the purchase, implementation, and annual subscription.
Consider if you need to liaise with Procurement about the potential purchase of software:
- If the total contract value (or nominal 4 years if contract length unknown) is greater than £50,000
- If you are not following University Procurement Guidelines and the solution will cost more than £10,000.
Further information can be found on the Finance Office - 'Purchasing goods and services' webpages.
Please note that these pages are on internal access and sign-in will be required. If accessing from off-campus, VPN access is also required.