by weitzj 1259 days ago
For insurtech/fintech

ISO 27001, SOC 2, PCI DSS

SSO with forced logout

Allow fine-grained role-based access control (RBAC) to distinguish between all kinds of roles: admins, super admins, bots. Have audit logs available.

Multi-tenant SaaS, and encrypt the data on a per-customer basis or even per department of a customer.

Publish your API spec as OpenAPI/Swagger/RAML so that API gateways can consume it. In case you offer some kind of webhooks, publish the API spec of your webhooks as well.

Support custom truststores and keystores.

Support private access to your API, e.g. a VPN or a VPC private endpoint in the same AWS region where your customer might have their cloud environment running. Or fixed IPs which will be used for egress/ingress traffic.

Document your supply chain. How do you program the software? Which SaaS providers do you use yourself? In the case of Europe: how do you ensure the data stays in Europe? (I.e. if you are monitoring your SaaS product with, for example, PagerDuty, then the data might be hosted in the US. Therefore ensure your supply chain is also in Europe. I think OpsGenie has a European endpoint.)

Provide support contracts and SLAs.
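The per-customer and per-department encryption point above, as an added example that is not part of the original comment: each department of each tenant gets its own AES-256-GCM key derived from the tenant's master key, and the tenant/department scope is bound as associated data so a ciphertext moved between tenants or departments will not open. The tenant master key, the HMAC-based key derivation and all names are assumptions for illustration; in a real deployment the tenant key would be held in a KMS or HSM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// scope labels the tenant and department a record belongs to.
func scope(tenant, dept string) []byte { return []byte(tenant + "/" + dept) }

// gcmFor derives a per-department AES-256 key from the tenant master key
// (HMAC-SHA256 as a minimal KDF; the tenant key is a constructed value here).
func gcmFor(tenantKey []byte, tenant, dept string) (cipher.AEAD, error) {
	mac := hmac.New(sha256.New, tenantKey)
	mac.Write(scope(tenant, dept))
	block, err := aes.NewCipher(mac.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals a record; the scope is bound as associated data so a blob
// copied into another tenant's or department's storage fails to open.
func Encrypt(tenantKey []byte, tenant, dept string, plaintext []byte) ([]byte, error) {
	g, err := gcmFor(tenantKey, tenant, dept)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, scope(tenant, dept)), nil
}

// Decrypt opens a blob produced by Encrypt under the same tenant/department.
func Decrypt(tenantKey []byte, tenant, dept string, blob []byte) ([]byte, error) {
	g, err := gcmFor(tenantKey, tenant, dept)
	if err != nil {
		return nil, err
	}
	n := g.NonceSize()
	if len(blob) < n {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, blob[:n], blob[n:], scope(tenant, dept))
}
```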

1 comment

Great answer. It might dissuade people from starting a SaaS company, though, LOL.