26 questions to help assess whether your firm has clear visibility across SaaS apps, AI tools, users, credentials and access risk.
Accountancy firms rely on SaaS tools to deliver fast, flexible and efficient client service. But as more applications are adopted across teams, it becomes harder to maintain clear visibility over what is being used, who has access and whether each tool is still needed.
This checklist is designed to help you assess whether your firm has a clear view of its SaaS and AI environment, and where access visibility gaps may be hiding.
A “Not sure” answer is often just as important as a “No”. It may show that your firm does not have enough visibility to make confident access, security or cost decisions.
Select Yes, No or Not sure for each checklist item.
Use the results to guide a conversation around secure access.
Before a firm can secure access, it needs a reliable view of the applications employees are actually using.
Do we have a current list of all SaaS applications used across the firm?
Do we know which apps are approved and which are unapproved?
Do we know which teams use each app?
Do we know which apps process, store or transmit client data?
Do we have a process for reviewing new tools before they are adopted?
SaaS visibility is not only about knowing which tools exist. It is also about knowing who can access them and whether that access is still appropriate.
Do we know which users have access to each application?
Are access rights based on job role?
Are access permissions reviewed regularly?
Are leavers removed from every relevant system?
Are users with changed roles reviewed for excessive access?
Are admin accounts limited and monitored?
Secure access starts with strong credential management. Shared, reused or unmanaged passwords can create unnecessary risk around client systems and internal tools.
Are employees using a secure password manager?
Are shared credentials controlled and traceable?
Are weak, reused or compromised passwords identified?
Are security policies applied consistently?
Is MFA enabled where appropriate?
AI tools can improve productivity, but firms need to know which tools are being used and whether client data is being entered into approved environments.
Do we know which AI tools employees are using?
Do we have an approved AI tools list?
Do employees know what information can and cannot be entered into AI tools?
Are browser-based AI tools considered in access and data protection reviews?
Is AI usage covered in security awareness training?
Unmanaged SaaS can create unnecessary cost as well as security risk. Visibility helps firms identify duplicate, underused or over-provisioned tools.
Are there duplicate tools across departments?
Are paid licences reviewed regularly?
Are inactive users removed from paid platforms?
Are underused tools identified?
Is app usage data available to support renewal decisions?
If your firm cannot answer many of these questions confidently, the problem may not be lack of effort. It may be lack of visibility.
Modern accountancy firms need a secure access approach that reflects how work now happens: across browsers, SaaS platforms, cloud tools and AI applications.
Secon and LastPass can help firms simplify this process by supporting credential security, app and AI discovery, access control and secure login experiences.
If this checklist has highlighted gaps around SaaS visibility, AI usage, credentials or access control, speak to Secon about how LastPass could help your firm strengthen secure access without unnecessary complexity.