What is SaaS security, and how does it boost sales?

SaaS Buying

Written by

Ariel Diaz

Published on

December 1, 2021

August 4, 2022

Read Time

If the last couple of years have taught us anything, they have taught us that security incidents are becoming ever more frequent.

One recent incident that serves as a lesson is the SolarWinds compromise. This security breach affected more than 250 companies and government organizations like Microsoft, Intel, The Pentagon, The Justice Department, and The Department of Energy. More recently, hackers breached the FBI’s email servers and sent out fake emails to about 100,000 recipients before being flagged as fraudulent.

Nothing seems sacred, and nothing seems impenetrable—including software-as-a-service (SaaS) apps.

But not all is lost because you can take steps to build security around using SaaS apps today. In this article, I’ll show you six areas to address with best practices to implement for boosting your SaaS security.

Note: Because SaaS solutions inherently reside in the cloud, I won’t be talking about security on-premises.

How does SaaS security affect customers, sales, and business?

SaaS security describes the system that protects the software-as-a-service application and the sensitive data it stores and uses. Both the app and its data are almost always hosted on the public cloud, increasing exposure to potential security breaches.

Poor security policies, or no policies, can lead to data breaches, leading to unhappy customers and significant financial losses. According to IBM’s annual Cost of a Data Breach Report, featuring research by the Ponemon Institute, the average cost of a data breach is 4.24 million dollars.

The better the cloud security framework and the company’s security policies, the safer the data. The safer the data, the happier the customer. And the happier the customer, the more money they spend.

SaaS security and privacy: What are the biggest risks?

SaaS apps are generally secure—assuming service providers adhere to compliance and regulatory guidelines (more on this later). Because of the inherent SaaS application security, the data it stores at rest is also protected.

Data in transit

When data is in transit—meaning it’s accessed, modified, or shared by someone— its security grade is only as strong as the weakest link in the transit chain. The people likely accessing, modifying, and sharing the data are your team—or chain links. This situation means that each member of your team is a potential security risk.

Multiplying apps and team members

Multiply data-in-transit transactions by the number of apps your company uses and the number of users in your company. If you’re doing the math in your head, you’ve probably figured out that the number is a lot. It’s a problem because every transaction is an opening to cyber threats

Shadow IT

Shadow IT is when team members provision SaaS products and integrate them into their workflows without company approval. These apps are an excellent example of “what you don’t know can hurt you.” In addition to adding vulnerable transactions to your growing SaaS stack, these transactions are unknown to you and your IT security team.

Poor security practices

The convenience of using SaaS software can sometimes make companies overlook how exposed cloud solutions make them. Ignoring potential SaaS risks could lead to compliance issues or, worse, costly data breaches.

What about SaaS security in cloud computing?

According to a 2025 Gartner forecast, 99% of cloud security failures will be the users’ (your employees’) fault. In other words, cloud services and SaaS applications residing on the cloud are secure. Cloud providers and cloud infrastructure providers have realized this level of security because they adhere to compliance standards and regulations.

SaaS applications and the data they use require additional security measures, standards, and regulations. One example of a security standard for SaaS vendors is System and Organization Control (SOC 2). SOC 2 is an auditing process that ensures SaaS providers comply with specific criteria when working with sensitive customer information, like business-to-business services. In other words, it checks that a data protection system is in place. To attain SOC 2 certification, you must build and follow strict information security policies and trust service criteria.

Assess SaaS security for your business

In large part, SaaS security depends on two primary metrics: the number of apps your company uses and the number of users your apps have. On average, small to midsize companies use about 100 SaaS apps—your company might be using more or less—scattering your company’s data across 100 different servers on the cloud.

Consider every person-to-app relationship for SaaS security

Your team and their relationships with your company’s SaaS apps make up a thing we call The SaaS Graph™.

If you look at the number of SaaS apps per company, the numbers seem manageable at face value. For instance, a mid-market company (101-999 employees) might use 185 apps, while an enterprise company (1,000+ employees) might use 288. Simple, right?

But when you consider app-to-person connections, that number of relationships expands to 4,406 for mid-market and 21,580 for enterprise companies, respectively. So, the bigger a company becomes, the more complex app-to-person connections become, as the graph shows. And as more complex app-to-person connections become, the more vulnerable your company becomes to cyber attacks.

Six SaaS security areas to address and best practices

Many companies undertake security on an as-it-comes basis. Unfortunately, this approach means they aren’t thinking about security until something bad happens. Further adding to the problem, ad hoc or absent security policies can open up to a world of vulnerabilities.

On the other hand, some organizations employ arcane security practices, like forcing users to change their passwords regularly for no real reason. These practices aren’t user-friendly and are often skirted by employees.

Here are our recommended six areas to apply security practices or tools:

1. Apply multi-factor authentication

The single best thing you can do to improve your organization’s cloud security is to turn on and enforce multi-factor authentication (MFA). This practice is especially true for your primary email and collaboration platforms because it reduces the harm an attacker can cause with stolen credentials.

2. Implement secure web browser settings

We use Chrome, so our Chrome administrator applies security settings at the account level. This way, no matter what device a team member signs in from, they’re protected. And because these settings can be applied across several devices and the Chrome browser, they can enforce cybersecurity without a ton of extra effort from our teammates or IT department.

3. Use cloud storage

Shared spaces for teams like G Suite Team Drives are good ways to contain data in secure spaces. For instance, Team Drives lets you add new members, and you can decide whether you want to give them full access to upload, edit, and delete files or whether you want to restrict them to specific activities at the user level. You can also set and change member permissions and remove members as needed.

Related: G Suite Security Checklist

4. Employ SaaS security monitoring

SaaS security monitoring is a crucial layer of security for your SaaS stack. It enables you to manage employee access to your required SaaS apps by department, consolidate licenses, and give you unprecedented visibility into your SaaS stack. Vendr is an excellent example of a platform that can do all three and more; it’s a key SaaS security element when putting your IT stack together.

5. Manage SaaS access and passwords

Don’t rely on a web browser’s password manager. Instead, we recommend using security tools like TeamsID or LastPass because they offer various password management security solutions for organizations large and small. For example, the best feature of TeamsID is its ability to link to Google’s SSO. This feature means you can enforce strong passwords and multi-factor authentication on G Suite, which will unlock your shared passwords in TeamsID.

6. Deploy a unified identity and access management (IAM) solution

When your company grows to 100-200 employees, you should start thinking about deploying a security service like a unified IAM solution. They work by authenticating a user once and then unlocking all apps for them, rather than users having to sign in to each app individually. A unified IAM streamlines the end user’s (your teammate’s) experience and protects your entire company from cyber threats, like malware, ransomware, and phishing.

Bonus: Ensure SaaS security compliance in your company

Because every employee’s SaaS account is a potential point for a cyberattack and data loss, security is everybody’s business, from C-level executives to your newest recruit.

However, the human resources department has a critical role in protecting data security as your company’s gatekeepers. Their job starts when—or even before—an employee’s first day at your company. And it continues even after the employee leaves.

By collaborating with IT, HR can guarantee the security of your SaaS environment, as well as org-wide compliance with security regulations and rules.

Here are a few HR tips to improve your SaaS security today:

  1. Create a SaaS governance policy
  2. Enforce a company-wide SaaS workflow adoption
  3. Start with employee onboarding
  4. Continue through employee offboarding
  5. Educate new and existing employees on security developments
  6. Build an environment that encourages cooperation in promoting security and compliance

For a deeper dive into SaaS security at the HR level, check out “SaaS Security and Compliance for HR” and “What HR Needs to Know About SaaS Security.”

Automate and streamline your SaaS security

When it comes to SaaS security monitoring, Vendr is an integral part of a SaaS security stack. You get:

  • Access to an always up-to-date list of the SaaS vendors and cloud applications in use and subscriptions across your company—including “shadow” and unsanctioned applications
  • A way to easily audit what permissions users in your organization give to which applications and get updates on all new additions or misconfigurations.
  • Dashboard views to see adoption trends for your whole organization, including details by department and products
  • The ability to manage employee access to your required SaaS apps by department and to consolidate licenses

Want SaaS content delivered straight to your inbox?

Sign up for an ongoing stream of leading SaaS buying research and resources.

Read about our privacy policy.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Similar posts

The latest news, technologies, and resources from our team.

Belynda Cianci

Procurement

SaaS Buying

Taming the SaaS vortex: A Vendr Fireside Chat with Datadog's Michelle Vita

With the explosion of SaaS, staying ahead of SaaS Procurement and ensuring a lean tech stack has never been more challenging. Procurement professionals work daily to tame the “SaaS vortex” and ensure they maintain value as they add complexity and license volume to the stack. This has forced an evolution in Procurement and new approaches for professionals managing the software buying process. 

Michelle Vita is well-versed in this evolution. As a procurement professional with over a decade of building procurement processes for business, Michelle’s career has evolved from traditional procurement roles in private real estate development to high-tech roles in real estate technology and SaaS. Most recently, Michelle took the reins as Head of Procurement for cloud-scale monitoring and security firm Datadog. 

At the recent Digital Procurement World conference, Michelle took the time to sit down with Vendr’s KR Barron to talk about taming the SaaS vortex and building a supportive, sustainable procurement practice for Datadog. She shared her insights on team-building, growing an agile organization, and empowering your stakeholders. 

We’ve captured the highlights from the session below. 

How team cooperation helped Datadog tame the vortex

Michelle has spent three and a half years at Datadog evolving the Procurement team from a “department of one” into a thriving, progressive team with operational and strategic mandates. 

During that time, she’s come to believe the heart of a progressive, strategic Procurement function is its people.

“There are two types of Procurement personas now,” she explains.

“Classic, traditional procurement professionals, with a 7-step process, etc. Then there’s the new procurement professional. They’re more strategic and agile, more a jack-of-all-trades. The industry, in general, is evolving toward this model.”

These young, powerful professionals and the explosion of SaaS have brought about this new breed of procurement professionals. 

These new professionals are also changing the way their stakeholders think about SaaS. They’re empowering employees to negotiate on behalf of their company to buy the right tools, with the perspective of “buying as if you were the owner of the company.” 

Michelle describes her own team at Datadog in these terms. Her first hire came by way of an internal candidate who already understood the procurement process from the stakeholder perspective. Michelle described this agile-focused colleague as “one of the best hires I’ve ever had.” This versatility has allowed them to grow with the team, take on new projects, and execute effectively. 

Since that first hire, Procurement at Datadog has evolved into a two-pronged department, with members focused on both operations and strategy. The team includes progressive-thinking procurement and contracts experts who leverage technology to educate stakeholders, create good policy, and create a seat at the table for Procurement.

Buy with intention

The economic uncertainty of 2022 has ushered in a more measured approach to buying than in previous years. Even as SaaS has become more challenging to optimize, being strategic about your business cases and volume has a positive impact on the software budget. 

Where once the rationale was to buy “as many licenses as we can move into someday,” Michelle and Datadog stick to a strategic, “buy as you go” license approach that helps the team save money and be more conservative. Having licenses waiting on the shelf for someday “is money that goes to waste.” 

The temptation is to buy the number of licenses you’ll need for a future date, incentivized by the perceived savings of a volume discount. But, “taking advantage of a discount isn’t good if they’re just sitting on a shelf unused,” reminds Michelle. 

Instead, the team has become more focused on getting the licenses they need for the current team. Procurement has also focused on the best management of those tools, performing license audits, and ensuring proper utilization. They’ve also gotten more strategic about tier levels. Datadog assigns top-tier licenses for some power users and viewer licenses for others that are cheaper. 

Strive for agility and automation

When faced with a lack of resources—be it budget, headcount, or data— Procurement is tasked with applying agility to the procurement process. Michelle is always on the lookout for places to reduce human activity.

“I’m a huge supporter of relieving the team of administrative burdens that don’t add value.”

To do this, the Procurement team looks at the end-to-end process, identifies those processes taking up human touch and time, and automates them.

The team has turned once onerous processes into touchless processes that reduce friction in day-to-day operations. For instance, vendor follow-ups used to take up considerable time for the team. Now, those processes are controlled by Robotic Process Automation (RPA). Bots now perform a follow-up workflow for outstanding items, allowing procurement to focus on higher-level tasks.

“Agility is important, but also [means] working with our partners, establishing relationships, and using them to grow.” 

The contract process also slowed down internal progress, so the team found ways to reduce friction and remove human intervention from the process. By integrating their contract system with an e-signature tool, they can move contracts for review to Legal automatically, collect signatures, and speed up the contract execution process. 

Agility relies on partnerships, so as part of the legal contracts automation, the Procurement team worked with vendors to use internal paper for contracts. Using an internal template that is acceptable to vendors gives the legal team more control over the review process and speeds up the time to completion. 

Empower your stakeholders

Stakeholder education plays a huge role in creating a collaborative, functional relationship between procurement and the larger organization. The key, says Michelle, is to empower stakeholders with just the information they need to execute. 

The Datadog team invested time and resources in ensuring stakeholders had what they needed to learn the ropes. While the company had some resources in place, “Sometimes you need resources for various types of people since everyone learns differently.” 

The road to better stakeholder education started with a conversation. “We gathered stakeholder feedback from a survey on our processes.” The team issued an anonymous survey asking users to give their feedback about the purchasing process and the resources available to them. 

“Training kept coming up and coming up.” 

The team realized that even though resources were out there, the onboarding of those resources could be improved. “Our internal team feedback… kept coming up that people were starting [at the company] and not watching the videos.” Those conversations allowed the Procurement team to identify the issues and develop a plan. 

Automation has a part to play in the empowerment process, as well. “We wanted to empower stakeholders to do things that don’t require procurement touch.” To help stakeholders gain confidence in buying on behalf of the company, Michelle and the team implemented a guided help service for users.

Modeled on the “Clippy” office assistant featured in Microsoft Office, the procurement assistant program sits on top of the Procurement system, providing helpful pop-ups for users as they engage with the UI and perform routine tasks. If the user gets stuck or needs assistance, the assistant robot guides them through the process with a “click here” approach. This allows stakeholders to self-service needs without relying on procurement team members directly. 

Ideas such as these allow Procurement to remove itself from the areas where it doesn’t add value while still maintaining agility for the wider team. From there, they can develop stronger relationships between departments, gain a strategic seat at the table, and ensure that once they have that position, they can deliver value.  

--

For more tips on driving an enablement, people-first approach in your Procurement practices, take the advice of Sören Petsch, Head of Procurement at CommerceHub.

After all, “If Procurement is the Cost Savings Department, we break the trust of our internal stakeholders all the time.”

Belynda Cianci

Finance

SaaS Buying

What is budget variance, and how it can impact your SaaS spend

Your team worked hard to create an accurate budget for the upcoming year. Considerable planning went into the financial model; Finance was confident in its assumptions. 

Now it’s mid-year, and your actual figures are off. Potentially really off in some places. 

What’s going on here?

Every company — small business and enterprise company alike — deals with budget variances and other FP&A challenges. In a swiftly changing economic and business environment, they’re somewhat inevitable. But you can control their occurrence and impact on the balance sheet. 

Get a recap of spending and deal flow in 2022, highlights of the changing SaaS buying landscape, and predictions for 2023.

See the 2022 SaaS buying trends.

Today we’ll look at budget variances: How they occur, what to do when you find one, and how to reduce their likelihood and impact on your business. 

First, let's fully define what a budget variance is.

What is a budget variance?

A budget variance is a difference between the budgeted amount for a specific department or project versus the actual amount.

Budget variances are a common part of the financial life of most companies. That being said, frequent or extreme variations in the budget can be disruptive to cash flow. Variances may signal a mismatch between expectations and actual results on revenue or planned spending for products and services.

Budget variances can be either positive or negative:

Positive: A positive budget variance (also called a favorable budget variance) means that your company spent less than intended on a specific budget item. There can be several reasons for a positive variance. And while a variance may not be a cause for concern, it pays to research these when they occur. Run a variance report on the business budget to look for any overestimations or changes to liabilities.

A budget variance should always be investigated, even if that variance seems like a windfall.

Negative: Most finance professionals think of this when they hear the word variance. A negative variance (an unfavorable budget variance) refers to spending over the allotted budget. There are several reasons why budget variances occur. While not every variance can be avoided, monitoring can help reduce their occurrence and impact.

How a budget variance can happen with a SaaS contract

Software contracts are also subject to the effects of variance. With a standard subscription built on an annual or monthly basis, variances are less common. Variance in a fixed contract usually happens because a department needs to add more licenses or tools after establishing budgets. But other contract structures — usage-based or drawdowns — are likely causes of unplanned SaaS spend.

5 common causes of budget variance

Budget variances aren’t always a matter of errors (though sometimes this is true). Here are the five most common sources of budget variances affecting your budgeting accuracy:

Changing economics: Shifting economic conditions is one of the most common sources of changes to actuals versus budgets. Changes in commodities prices, labor costs, overhead expenditures, and services can create big expense variances between the estimated spending and the numbers at the end of the period.

Budgeting errors: Human error does play a factor in budgeting issues. This can be a matter of underestimating actual expenses or even a simple data entry issue on an Excel sheet or a line item. Variances of this type may be positive or negative, but if they occur repeatedly, it may be time to review your budgeting process and streamline where necessary.

Pricing changes: changes to the pricing of your services or fixed assets can create a variance in a budget. For instance, if insurance premiums at renewal are higher than anticipated for a fixed asset costs have risen as a matter of expansion, variances may be the outcome. It’s important to keep an eye on planned expenditures that diverge from the original budget and make adjustments where necessary.

Process streamlining: Improvements in your operational or financial processes may create a positive budget variance. Implementing streamlined spending approval processes, for example, may result in reduced tail spend that will positively impact the budget for that.

Risk and employee fraud: One unfortunate source of budget variance is risk-based costs such as disaster recovery, legal fees, and procurement fraud. These variances are hard to predict and either and harder to avoid. The best prevention for such budget shortfalls is increased due diligence and robust financial monitoring.

5 examples of budget variance in software

Software budgets are subject to variances just like any other cost. Here are some ways your SaaS buying budget may become out of sync with the actuals.:

Usage changes

Changes in how you use a piece of software may result in fluctuating actual costs associated with that tool. For instance, increasing service level tier mid-contract to better route team or project requirements will consume more of the budget than planned. Building flexible budgets with some play for software changes can help alleviate budgeting issues at the end of the period

Overages

Usage-based contracts such as those that charge her credit or her impression may result in higher than expected spending for those tools. When establishing a contract for a usage-based tool, discussing scenarios where usage changes is important. Sometimes, the supplier is willing to work with you for anticipated increases mid-contract. A good rule of thumb is that becoming a better customer should never be more expensive.

Early drawdown

Draw-down contracts that rely on a pool of funds, service credits, or use may be subject to early renewal if usage exceeds the anticipated amount or allotment. As with overage fees, it’s important to establish the ground rules with your supplier before you sign the contract. Using more of a product should offer an advantage instead of a penalty.

Incorrect usage estimates

Both overage scenarios above are often associated with underestimating the need for a product at the point of negotiation and contract execution. Building better modeling for expected usage can help reduce the occurrence of this type of variance. Make this a point of negotiation when dealing with a new supplier for a usage-based or drawdown contract.

License/user increases

Sometimes growth requires spending. One source of budget variance is the need for more licenses or seats of a specific software tool throughout the contract. This happens when hiring cadences increase or new projects get underway. This is another point where a successfully negotiated supplier relationship can benefit when you realize your needs have changed.

How budget variances can impact your bottom line

Budget variance can be an insidious drain on revenue if left unchecked. Overages in your budget, especially those overages which cannot be tied to a product or project, must be mitigated wherever possible.

Budget issues that affect cash flow can affect your financial statements and creditworthiness as a downstream impact if ongoing problems are left unresolved. 

What to do when you notice a budget variance

Research the variance cause: granular access to data is your best ally in tracking and resolving budget variances. When you discover an issue between your budget in your actuals, take the time to dig into the numbers and establish that the variance has occurred (that it’s not the result of a data entry error or oversight) and the root cause, if any.

Plan a course of action: Once you establish that a budget variance has occurred, you need to decide how you will handle the variance going forward. There are a few possible scenarios for handling discrepancies between your budget and your actuals.

  • Increase or decrease the budget to align with new information.
  • Divert from other budget lines to satisfy a shortfall.
  • Find ways to boost actual revenue to align it with expectations.

If you find these adjustments are becoming frequent, it pays to investigate and improve budgeting or estimating criteria.

4 ways to avoid unforeseen variances in your budget

Regular review and maintenance of your budget are the best ways to avoid changes in your actuals outside budget parameters. A streamlined process and help from technology can also improve budget outcomes.

Perform budget variance analysis

Regular cost performance and budgeting review are essential to reducing or eliminating variances. Some research is a routine part of your financial cadence. For example, large variances may show up during the month and closing activities for flux analysis.

As an added precaution, quarterly budget reviews are a tried and true way of heading off variances in your budget before they can become a more significant issue. Touch base with your department heads to understand changes to the spending plan before they occur and make necessary adjustments as a proactive measure.

Perform scenario analysis

For instances where you’re budgeting parameters may change, consider running scenario analysis and creating contingencies for possible outcomes. By building a budget that can absorb a variety of outcomes, you establish more confidence in the budgeting process and smooth the path for later analysis.

Consider rolling budgets

If your industry or business is subject to variable costs, seasonality issues, or other changes, consider moving away from a static budget. Rolling budgets, which are adjusted monthly or quarterly, may give your financial reporting the flexibility it needs for more accurate, agile financial planning.

Track usage

Tracking software usage, especially in usage-based or drawdown SaaS pricing models, can help you avoid overages in your software spending before they get out of hand. Create regular calendar events to check usage numbers or set up notifications within your platform that can alert you to changes between planned and actual usage. The small step will translate to big savings and cost avoidance if your project plans or scope of work changes.

How Vendr can manage your SaaS spend and put fears of budget variance to rest 

Tracking your spending on SaaS tools is the best way to avoid discrepancies in your budget vs. actual costs. Spend management software centralizes your data, creates metrics for evaluating spending, and allows you to keep track of usage-based contracts before they can spiral out of control. By getting a better grasp on the day-to-day life of your tech stack, you can avoid surprises at the end of the quarter or year.

Get an inside look into the platform where you can discover and buy new tools, see how much you're saving on software, and stay up to date on your IT stack with our free guide to the Vendr SaaS buying platform.

Belynda Cianci

SaaS Buying

Finance

The 4 types of purchase orders you’ll create when buying software

Planning procurement activities — whether for supplies, products, services, or software — requires a high level of visibility. The process gets easier by documenting planned purchases to the best of your ability. Department heads will know what purchases are on the horizon, IT can plan for capacity and implementation, Finance can plan spending more accurately, and accounting can lay the groundwork for a smooth end-to-end purchasing process. 

One way to achieve all these objectives is to streamline the purchase order process. You ensure everyone knows the game plan by documenting purchase information completely (and in advance). 

But what’s the best way to plan if you don’t have all the information? As it turns out, the structure of your purchase order can help show what you know and leave room for future planning. 

Let’s look at the different types of purchase orders you can use for purchasing software, and how to use them most effectively. 

What is a purchase order?

A purchase order form is a standardized form a buyer transmits to a supplier. The purpose of the purchase order is to outline the requirements and necessary information for placing an order and having it filled. Purchase orders are standard practice for businesses buying supplies, goods, and software from their suppliers. The purchase order also serves as a record for tracking and confirming accurate and timely delivery of purchases.

When to create a software purchase order

The purchase order process begins after the evaluation and selection of a supplier. It represents the beginning of the purchase portion of the procurement process, after any needed sourcing activities. 

Most often, a purchase requisition precedes the purchase order. This initial document (sometimes called an intake form) outlines the parameters of the business need, any requirements the solution must meet, and any preliminary evaluation the stakeholder has conducted. The information from the purchase req serves as the basis for completing the final purchase order before transmission. 

The requisition also creates a second data source for checking the accuracy of orders once the products, materials, or software licenses come in. Accounts payable checks the purchase requisition, purchase order, and invoice for parity in a three-way matching process. This process ensures compliance with delivery terms, date of delivery, the quantity of items ordered, etc. It is one component of ensuring legal protection, as it serves as a source of truth for the outcome of a supplier agreement. 

When you know exactly what you need from a selected supplier, you can create a purchase order for immediate or future use. Depending on the timing and quantity of the purchase, you may create one of four common purchase order types: standard PO, planned PO, blanket PO, or contract PO. More on those next. 

The 4 types of software purchase orders and when to use them

While standard POs are most common for the purchasing process, there are several ways to structure a purchase order. The type of PO you use will depend on the details and timeline of your purchase. Selecting the right type of purchase order structure helps smooth the procurement process and aids budgeting and planning from the accounting side. Pre-planning purchases through the right purchase order allows finance to ensure the cash will be available when needed.

Standard purchase orders (SPO)

The Standard PO (aka a “regular purchase order”) is one most buyers are familiar with. Standard purchase orders represent the intent to complete one transaction with a specific product type, quality of items, and quantity. The purchase order should outline all the necessary information for completing the transaction. Standard purchase orders are often used for a one-off purchase. 

For software purchases, a buyer may need a set number of licenses for the company or department. For instance, ten seats of a specific accounting software solution for everyone in the AP department. In this case, they would order the specific number of licenses needed to set everyone up with their own instance of the software. 

Planned purchase orders (PPO)

The second common type of purchase order is that planned orders are similar to standard ones but for a future, undetermined delivery date. These purchase orders are developed with all the details of standard orders. The money for these is placed in a reserve called an encumbrance) so the money will be available when it’s time to place the order. Once it’s time to transmit and fulfill, accounting performs a release of the funds and completes the purchase. 

Planned purchase orders are ideal for purchases that are made on a semi-regular basis. One example is office consumables like coffee and tea. The purchasing department estimates what you’ll need to use based on previous purchases and timeframes. They then create a series of orders and release them as necessary (for instance, when the admin reports they’re down to the last few boxes). Planned purchase orders are handly when the order details are the same, but the exact consumption period isn’t known. 

One example of software purchasing on a planned purchase order: A development team will need 30 licenses of a popular development tracking tool for an upcoming project. The project is slated to kick off in the year's second half,  but the exact date is unknown. In this case, the team can encumber funds within the project budget and create the planned order during the planning phase. When it’s time to implement the tracking software, AP releases the funds and completes the purchase. 

Blanket purchase orders (BPO)

When you know you need an item continually, but you’re unsure of how many, a blanket purchase order can reduce redundant work and make the procurement process smoother. The information stays the same in this case, but the quantity and timeframe are unknown. Printer paper is a great example because its usage fluctuates based on the headcount in the office and the types of projects happening at a given time. With a blanket order, the release happens when the supplies run low, and the quantity is updated based on expected use for the next interval (whether a month, a quarter, etc.) 

Blanket orders may present backorder issues for the supplier if the quantity greatly exceeds expectations. For this reason, blanket orders come with a safeguard for the supplier: they outline a maximum quantity for a single purchase. This ensures the buyer can plan SaaS spending and get what they need (within reason) without creating inventory management issues for a supplier trying to fulfill orders for many customers at a specific period of time. 

In purchasing software, the team may need to requisition communication tools to meet the expected headcount for each hiring sprint. The exact timing of the orders is unknown, and the number of licenses may change depending on the hiring activity. The team can rely on receiving a certain number of licenses even if there is some fluctuation in the headcount. 

Contract purchase orders (CPO)

A contract purchase order has the least detail but still sets up the basic parameters of the purchase for when needed. It's essentially a promise of future orders, and an outline of the terms and conditions each party will adhere to once those POs come to fruition. A contract purchase order is not a binding contract until accepted by the seller.  

Contract purchase orders don’t contain the specific delivery schedule, quantity, or item information. They may have mutually decided timeframes for purchase (for instance, a quarterly estimate). In software, these purchase orders may come in handy when working with a software reseller. They outline the necessary details for transactions but leave the specifics for a future date when more information is available. 

What to include in every SaaS purchase order

Every purchase order — whether standard, planned, blanket, or contract — should offer the baseline details to complete the purchase. When developing a purchase order to buy SaaS software, include the following information for your procurement and supplier-side stakeholders:

Supplier information

Once known, detail the supplier information, including any details necessary to transmit the purchase order and pay the resulting invoice. By outlining the necessary information for the entire purchase process, you reduce back-and-forth communication and ensure quick delivery/implementation and payment of software. 

Tier/service specs

If known, outline the service or tier level information for the products you’re purchasing. By being more specific on the purchase order, it's easier for accounting and receiving stakeholders to verify that the desired products were ordered and delivered. 

Payment details

If the suppler has specific payment terms (for instance, early payment discounts, preferred payment forms, volume order discounts) outline these in the PO to ensure accurate billing and timely payment.

How Vendr can manage your SaaS purchase orders, end-to-end

Using a supplier management system like Vendr can automate many repetitive tasks associated with purchase orders and financial management. By centralizing supplier data, contracts, and license information into one easy-to-use platform, your department stakeholders, Finance, and Accounting departments will maintain a high level of visibility into current software levels, upcoming renewal activity, and future capacity planning. 

To get a handle on your PO process and all your software buying activities, consider creating a stronger intake process with our free template. With a better process, your teams enjoy a smoother procurement experience, more accurate planning, and more data-driven decision-making.