Larry also lists a few factors lawyers should consider, like where the SaaS data center is located, and the four things (vulnerability scans,
penetration testing, and aesthetic code and dynamic code reviews) that the standards
require in security
testing.