3. Human Rights Due Diligence Companies should conduct ongoing human rights due diligence on products, platforms, and services to assess for actual and potential impacts across the full range of human rights. Companies can begin to do this by taking the following actions: Undertake Ongoing Human Rights Due Diligence As SaaS products and services and the context in which they are used will inevitably change, human rights due diligence should be ongoing and consider shifts in customers, markets, and use cases to identify actual and potential human rights impacts over time. Human rights due diligence focuses on identifying risks to people rather than risks to the business and requires engaging with and paying special attention to the rights and needs of individuals from groups or populations that may be at heightened risk of vulnerability. While this may be difficult in the SaaS context, SaaS providers should work to engage rightsholders or their representatives, or work with industry collaborations that can help provide insights and feedback from potentially impacted groups on the products and services in question. Due diligence should be carried across the life cycle of technology—the research, design, development, sale, and use phases. Due diligence should be carried across the life cycle of technology—the research, design, development, sale, and use phases. Establish Relationships with Customers When possible, establish partnership-based relationships with SaaS customers. This will allow SaaS providers further insight into how customers use the service in practice and may facilitate risk identification and mitigation. This could include regular meetings (e.g., annually) about their use of SaaS tools and features, particularly with the teams and individuals interacting directly with the solution and familiar with the spectrum of use cases. This may be more feasible with customized offerings where the SaaS provider, customer, and/or partner work hand-in-hand on the design and development of a service, or where updates and ongoing maintenance or services are required. 38 Human Rights Assessment of the Software-as-a-Service Sector