SaaS Systems

What are SaaS Systems?

SaaS Systems refer to the third-party services that process data on your behalf. Think of these as typically the services your vendors provide. Examples could include your HR platform, your logging provider, your content management system.


When should I use a SaaS System, and when should I use Vendors?

SaaS systems are the tools you use that store or process your data. Vendors are companies/organizations—legal entities that you have contracts (BAAs, SLAs, DPAs, etc.) with. E.g., Google the company vs. Gmail, G Suite, etc. AWS vs. your specific VPCs. Slack vs. Slack (included to point out that sometimes the company and the software are called the same thing). For more on vendor management, please find our vendor management guide and our asset management guide.

How can I add a SaaS System?

If you integrate with Okta, we'll automatically add any SaaS Systems for which you provision access via Okta.

  • Learn more about our Okta integration

You can also add SaaS Systems manually like so:

  • Click on the Assets tab in the top navbar
  • Select SaaS Systems on the left hand navigation
  • Click Add SaaS System in the top right
  • Add in the Name of the SaaS System, as well as the Owner, Description, Purpose, Data Classification, and Status
  • Status Legend:
    • Active: system is being actively managed using Comply for functions like access control reviews, authorizations, etc.
    • Inactive: system is no longer in use and/or is not being managed within Comply
  • Select Add SaaS System at the bottom

You can also add SaaS Systems in bulk by clicking the "Add in Bulk" option:



Data Classification

The Data Classification of the asset refers to the highest level of sensitivity of data that this asset processes. Check out the 2. Classify Your Data section of Aptible's Guide to Asset Management for more information.

Updating SaaS System properties

SaaS Systems have many additional fields that you can update by clicking into the "Detail" view of the SaaS System. These properties are important for processes such as Business Impact Assessments and general Asset Management procedures.

Check out our Guide to Asset Management for best practices about how to fill in these fields.