Software-as-a-service (SaaS) is rapidly becoming the standard software platform for many organizations seeking to reduce their IT costs and take advantage of the inherent flexibility, quick deployment, ready access, and scalability of the SaaS concept. SaaS is part of the paradigm shift toward cloud computing in software, hardware, and IT services acquisition. Swayed by its noted benefits, SaaS adopters may neglect to consider the risks associated with SaaS and overall cloud-based services before adoption. SaaS risks stem from its multi-tenancy, Internet dependency, and the requirement to entrust cloud providers with confidential data. Existing standards for selecting commercial off-the-shelf (COTS) or custom-built software and frameworks for evaluating the risks of cloud-based services are either too broad to apply specifically to SaaS or do not take into account some of the unique requirements of SaaS. Furthermore, the issue of risk relevancy is significant if adopters are to formalize the SaaS decision-making process.