This report analyzes the security of employee data for the Department of Administrative Services (DAS) in the context of a transition to a SaaS model. It identifies and explains various security threats and risks, including data access risks, instability, lack of transparency, identity theft, and malware attacks. The report further explores new security threats arising from the move to SaaS, such as immature identification management, weak cloud software standards, privacy issues, access risks, and unknown data locations. Each threat is evaluated based on likelihood, impact, and priority, with suggested preventive actions and contingency plans. The report also addresses existing and new privacy threats, proposing mitigation strategies to ensure the secure handling of employee data. The analysis is based on the scenario provided in the assignment brief and emphasizes the importance of robust security measures in a cloud environment.