SaaS Security Review Checklist

Use this checklist to periodically review the security of your SaaS applications. It helps ensure your settings, user access, and integrations stay in line with best practices.

🔐 General Settings

• [ ] MFA is enforced for all users and admins
• [ ] Password policies are configured per platform standards
• [ ] Admin roles are limited and reviewed regularly

📤 File Sharing & Collaboration

• [ ] Public or anonymous links are restricted or reviewed
• [ ] External sharing is audited quarterly
• [ ] Sensitive folders are access-controlled

🔗 Integrations & APIs

• [ ] Third-party apps are reviewed and unused ones removed
• [ ] API access logs are enabled where supported
• [ ] OAuth access is granted only with a business case

📅 User Management

• [ ] New user provisioning follows a defined process
• [ ] Departing users are deactivated promptly
• [ ] Shared accounts (if any) are monitored closely

🛡️ Monitoring & Alerting

• [ ] Audit logs are enabled and retained for 90+ days
• [ ] Alerts are configured for suspicious activity
• [ ] Security incidents are documented and reviewed