Lacking criteria or an assessment framework for SaaS applications, the Microsoft Information Security Risk Management team created a workbook to provide needed guidance. See how the team uses this to ensure the consistent evaluation of SaaS deployments.