Services

The Services section helps you track the security posture of your cloud applications and third-party tools—the SaaS products your organization relies on.

Why Track Services?

Compliance frameworks like ISO 27001 and SOC 2 require you to assess and monitor third-party services. Recoger makes this manageable by:

  • Centralizing service inventory in one place
  • Scheduling regular security reviews
  • Tracking security configurations over time
  • Generating evidence for audits

Service List

The service list shows all tracked services with:

  • Name — The service name (GitHub, Slack, AWS, etc.)
  • Category — Type of service (Development, Communication, Infrastructure, etc.)
  • Owner — Team member responsible for this service
  • Status — Current compliance status
  • Next Review — When the next security review is due

Adding a Service

To add a new service:

  1. Click Add Service
  2. Enter the service name and URL
  3. Select a category
  4. Assign an owner (who's responsible for this service)
  5. Complete the security questionnaire
  6. Set a review schedule

Security Questionnaire

When adding or reviewing a service, you'll answer questions about its security configuration:

Question Why It Matters
Is SSO enabled? Centralized authentication improves security and offboarding
Is MFA enforced? Multi-factor authentication prevents credential-based attacks
Is audit logging enabled? Logs are essential for incident investigation
What data classification? Determines appropriate security controls
Is data encrypted at rest? Protects data if the service is breached
Where is data stored? Important for GDPR and data residency requirements

Service Categories

Organize services by category:

  • Development — GitHub, GitLab, Jira, Linear
  • Communication — Slack, Teams, Zoom, Email
  • Infrastructure — AWS, GCP, Azure, Cloudflare
  • Productivity — Google Workspace, Microsoft 365, Notion
  • Security — 1Password, Okta, CrowdStrike
  • Finance — Stripe, QuickBooks, Brex
  • HR — Gusto, BambooHR, Rippling
  • Other — Everything else

Security Reviews

Each service should be reviewed periodically. Recoger tracks when reviews are due and reminds owners.

Review Frequency

We recommend:

  • Critical services (Infrastructure, Security) — Monthly
  • Important services (Development, Communication) — Quarterly
  • Standard services — Annually

Completing a Review

  1. Open the service details
  2. Click Start Review
  3. Verify or update the security questionnaire answers
  4. Add any notes about changes or concerns
  5. Submit the review

Reviews are tracked in the service history for audit purposes.

Review Approval Workflow

For additional oversight, admins can enable review approval. When enabled:

  1. Service owner completes the review
  2. Review enters "Pending Approval" state
  3. Admin reviews and approves (or requests changes)
  4. Approved reviews update the service status

Service Compliance Score

Each service receives a compliance score based on:

  • Security configuration (SSO, MFA, encryption, etc.)
  • Review status (overdue reviews lower the score)
  • Data classification (higher classification = higher requirements)

The score contributes to your organization's overall compliance posture.

Importing Services

For organizations with many services, you can bulk import from a CSV file. Go to Services → Import and download the template to get started.