Project Information
This website is part of Nicholas Xavier’s Msc. Business Informatics thesis project at Utrecht University, Netherlands. The study’s aim is to improve the transparency of the SaaS industry by designing and evaluating a certification framework that can be used to analyze SaaS continuity control risks, and award certification marks to SaaS providers, in order to foster improvements in risk awareness and customer trust in SaaS.
This project started in November 2019 and ended in July 2020. Focus was placed on developing the framework around the core domains of business continuity, disaster recovery and continuity guarantees. Data security, data privacy, data and application migration, SaaS testing, service level agreements, and Dutch ICT law are also addressed in the framework. However, the depth of coverage into these domains are limited due to the limited manpower (1 researcher) and time frame of the project (8 months). As such, it is recommended that professional use of the framework will require further expansions into the these domains, especially data security.
For expanding the framework, the design and evaluation methods described in the thesis paper can be used. This can be downloaded along with the framework through the Framework & Thesis Download page, click the link below. The thesis paper supports the framework by providing traceability into the design decisions made during the framework’s development.
For questions, please contact Nicholas Xavier using the contact details at the bottom of this page.
For previous research projects from the Software Ecosystem Lab at Utrecht University, click the link below.
Main Research Question
Can a framework be created that portrays the level of risk associated with a SaaS continuity controls by analyzing a SaaS provider’s ecosystem including the methods, tools, and processes used to support a guarantee?
Sub-Question 1
What framework design features are best suited for scoring the risk associated with SaaS business continuity controls?
Sub-question 2
What business functions/ processes that support SaaS continuity controls should be analyzed in the certification framework?
sUB-QUESTION 3
What SaaS continuity guarantee specific concepts should be analyzed in the certification framework?
sUB-QUESTION 4
What is a suitable scoring and evaluation method for the certification framework?
sub-QUESTION 5
What entities in the SaaS supply chain should be assessed?
sUB-QUESTION 6
What are suitable criteria and benchmarks for validating the framework?
For more information please contact us via E-mail
Researcher
Nicholas Xavier – n.p.xavier@students.uu.nl
Supervisor
Dr. Slinger Jansen – slinger.jansen@uu.nl