Identification and Prioritization BSR uses the international legal human rights framework as the basis for defining the scope of the term “human rights.” Companies today are expected to respect all human rights, and it is understood that businesses can potentially impact any of them. Therefore, BSR uses as its baseline the universe of rights codified in the International Bill of Human Rights (The Universal Declaration of Human Rights, The International Covenant on Economic, Social, and Cultural Rights, and The International Covenant on Civil and Political Rights) and other international human rights instruments as relevant. BSR identifies actual and potential human rights impacts and the human rights risks and opportunities arising from those impacts. BSR prioritizes human rights using factors contained in Principles 14 and 24 of the UNGPs: • Scope: How many people could be affected by the harm or opportunity? • Scale: How grave are the impacts for the victim? • Remediability: Will a remedy restore the victim to the same or equivalent position that they held before the harm? As this is a sector-wide HRIA, we did not assess these severity factors for individual products or companies; rather, we considered the salience of a human rights impact for the SaaS sector as a whole. Appropriate Action BSR considers the appropriate action for companies using factors contained in Principle 19 of the UNGPs: • Attribution: How closely is the company connected to the human rights impact? • Leverage: How much leverage does the company have to influence the impact? Similar to how we assessed the severity of human rights impacts, we considered attribution and leverage for the SaaS sector as a whole and discussed how the different characteristics of SaaS services influence these factors. Rightsholder and Stakeholder Engagement Effective human rights due diligence requires meaningful engagement with rightsholders whose human rights may be impacted by the company, or by working with reasonable alter- natives such as independent expert resources, human rights defenders, and others from civil society. Particular attention should be paid to human rights impacts on individuals from groups or populations that may be at heightened risk of vulnerability or marginalization. 10 Human Rights Assessment of the Software-as-a-Service Sector