However, high-risk markets are often the very places that will benefit most from SaaS products deployed in the service of public good. For this reason, SaaS companies should take nuanced approaches, such as prioritizing specific industry verticals as they enter new markets or seeking to use market presence to urge human rights and rule of law reform. Human rights outcomes may not be best served by SaaS companies avoiding higher-risk markets en masse. If the SaaS provider discovers that they have unintentionally entered a market that has been designated as high-risk via a customer, or the risk categorization of an existing market has increased to high-risk, the SaaS provider should undertake due diligence to evaluate the human rights risks associated with remaining in country or exiting and take action accordingly. Should the SaaS provider opt to continue serving the market in ques- tion, it should take action to avoid, prevent, and mitigate identified human rights risks. If the provider decides to exit the market or business relationship in question, it should take efforts to avoid, prevent, and mitigate the adverse human rights impacts of ceasing the relationship, including impacts to the partner company, their clients, workers or employees, and local community. Transparency, Guidance, and Communications As part of their efforts to prevent, avoid, and mitigate adverse human rights impacts, SaaS companies should communicate their commitment to human rights publicly and disclose information that will educate the broader public on human rights risks and opportunities. Human Rights Policy Publish a clear commitment to human rights. This should include a description of how the company evaluates human rights impacts of the product or service, the risks associ- ated with customers and end-use of the SaaS service, and the actions they have taken to address these risks. Training and Guidance on Human Rights SaaS companies should provide training and guidance on the intended use of the product, platform, or services to their employees, customers, and partners. This should include educational content on each technology or service offering, a description of intended use cases, limitations, best practice guidelines, and in-product guidance. These materials could also be accompanied by supplemental platforms such as employee, customer, or user forums. Training and guidance should highlight acceptable use of the product or service and note any product or service limitations that could result in human rights harms. SaaS companies may also want to include training or educational materials on the risks that may arise with specific SaaS product or service features, such as user-generated content or personal data collection, aggregation, storage, or sharing. Trainings should be designed to raise awareness of potential adverse human rights impacts. Training and guidance will be most impactful if the customer has a company-wide inte- grated approach to human rights and ethical use. 40 Human Rights Assessment of the Software-as-a-Service Sector

Human Rights Assessment of the Software-as-a-Service Sector - Page 41 Human Rights Assessment of the Software-as-a-Service Sector Page 40 Page 42