We agree that there is a need for a deeper understanding of how SaaS services can impact human rights, the appropriate actions that SaaS providers can take to address those impacts, and dialogue among the sector to align on norms and best practices. At the same time, there are characteristics inherent in the SaaS industry that will continue to constrain insights. 5 Building on BSR’s previous paper, “Responsible Product Use in the SaaS Sector ,” we conducted a sector-wide human rights assessment of the SaaS sector focused on the use of B2B services. This paper summarizes the results of the assessment. It identifies the SaaS sector’s salient hu- man rights risks and outlines ways in which SaaS providers may impact human rights—either as individual companies, as a group of companies, or as a sector. In the final section of this paper, we make recommendations to SaaS providers on how to avoid, prevent, and mitigate adverse human rights impacts. Defining the SaaS Sector Cloud computing allows the delivery of IT services through the internet. There are three main cloud computing service models: • Infrastructure-as-a-service (IaaS), which allows companies to use IT infrastructure capabili- ties such as computing power or storage from service providers • Platform-as-a-service (PaaS), which allows companies to use software tools to build applica- tions, in addition to the underlying infrastructure • Software-as-a-service (SaaS), which allows companies to use packaged software ready to run, including all the underlying infrastructure and platform capabilities While these three service layers are interrelated, this paper focuses specifically on SaaS. As of 2021, there were approximately 15,000 SaaS companies in the US alone, serving an 6 estimated 14 billion customers around the world. The SaaS products and services available address an infinite number of business needs, making it difficult to define the sector or create categories that cover the full range of SaaS offerings. At a high level, there are two primary types of B2B SaaS services, horizontal and vertical: • Horizontal services are industry-agnostic, addressing the needs of different types of companies. Such needs include file sharing, email, collaboration, video conferencing, data analysis, customer retention management, and human resources management. • Vertical services address industry-specific needs. Solutions may include electronic health record (EHR) management systems for healthcare, production scheduling software for 7 manufacturing, and learning management systems for schools, among others. Each SaaS service serves different business needs and therefore may impact human rights in different ways. This paper does not attempt to assess the potential impacts of every single type of SaaS service; instead, it lays out characteristics of SaaS services that may have implica- tions for human rights. 6 Human Rights Assessment of the Software-as-a-Service Sector
Human Rights Assessment of the Software-as-a-Service Sector Page 6 Page 8