Inside Hyatt’s Plan for Continuous Software Audit Control

When an audit flagged gaps in Hyatt’s software inventory, Jennifer Clark used that as a launchpad to rethink SaaS governance from the ground up. Jennifer, Global IT Asset Manager at Hyatt Corporation, shares how consolidating data, understanding ownership, and embedding compliance into daily workflows turned SaaS audit readiness into an always-on discipline. In this episode, you’ll learn how to streamline your audit processes, build collaboration between security and asset management, and make governance a shared responsibility across the organization.

Chapters:

• 00:00 The Catalyst for Change: Audit Findings
• 03:07 Building a Proactive SaaS Management Mindset
• 06:16 Navigating the Audit Landscape: On‑Prem vs. SaaS
• 08:59 Establishing a Comprehensive Application Inventory
• 11:52 Collaboration and Governance in SaaS Management
• 14:42 Key Performance Indicators for SaaS Management
• 17:15 Strategic Steps for Effective SaaS Management

Episode Summary

For many enterprises, SaaS audits feel like isolated events. At Hyatt, one audit became the spark for something larger—a shift toward embedding governance, visibility, and accountability into everyday operations.

When an audit revealed opportunities to improve Hyatt’s software inventory tracking, Jennifer Clark saw it as a chance to build something more sustainable. As Global IT Asset Manager, she helped launch a SaaS Management program grounded in collaboration, process rigor, and executive alignment.

“I’m a real big process documentation nerd,” Clark said. “It’s not just about having the steps on paper. It’s about linking those processes back to the standards and policies that already matter to your organization.”

With support from both the CIO and CISO, Clark’s team worked to centralize data, communicate expectations clearly, and engage app owners and risk leaders as true stakeholders. The team developed a working model of continuous SaaS audit readiness—one that prioritizes shared responsibility and transparency.

“Most companies treat audit season like a fire drill,” Clark noted. “We wanted it to be part of the way we work every day.”

By integrating Zylo into their operations, Hyatt created a live SaaS inventory, fed real-time data into their CMDB, and surfaced insights to address compliance risks before they became urgent. These foundational steps also opened the door to deeper collaboration across security, compliance, procurement, and IT.

Clark’s advice to others starting this journey: resist the urge to tackle everything at once. “You don’t throw a puzzle on a table and solve it all at once. You build one section at a time. That’s how you scale a SaaS Management program.”

Guest Spotlight

• Name: Jennifer Clark
• What she does: Global IT Asset Manager at Hyatt Corporation
• Connect with Jennifer: LinkedIn

Episode Highlights

SaaS Audit Readiness Is a Cultural Mindset

Jennifer Clark used Hyatt’s audit as an opportunity to make SaaS governance part of the organization’s everyday operations. Process documentation became a vehicle for aligning teams around shared standards and accountability.

“I’m a real big process documentation nerd. So I’m all about documenting the processes. But one of the things that auditors look for is, do you have your processes documented? And so it was really taking that time to document everything, get everything in order—not just document the process, but make sure we’re linking our processes back to those standards and policies that we have already set in our organization and making sure there’s cohesion there.”

Consolidation Creates Clarity and Momentum

Before Zylo, Hyatt’s application data lived in disconnected spreadsheets, making it difficult to respond to audit requests quickly or confidently. Jennifer Clark knew that consolidating this data was the first step in moving from reactive reporting to strategic visibility.

“We had lots of spreadsheets of applications. We had all of our applications listed in all these different spreadsheets, because each team is very focused on what they want to track. When an auditor asks for information, now you’ve got to go to all these different people and kind of consolidate. And it was a lot of hassle. We wanted to really focus on bringing everything together in one source to make our audit requests a lot easier—be able to provide something holistically and in less time for us.”

Executive Buy-in Can’t Be Optional

Hyatt’s SaaS Management program gained traction because the Chief Information Officer and Chief Information Security Officer championed it across the business. Their public support turned governance from a technical initiative into a company-wide priority.

“We’re really fortunate here at Hyatt that we have both a CIO and a CISO that are super passionate about not just improving where we are, but being proactive about what might be coming next. One of their big things was, ‘Let’s get on a town hall.’ Our CIO led that town hall, let us talk about Zylo. He said, ‘Make sure people get excited about what you’re trying to do to help improve what they’re doing.’ And being on a big platform like that was super helpful… all of the questions during that town hall Q&A were for us. Teams were like, ‘How can I help? What can I do to push this forward?’”

SaaS Governance Starts With People, Not Just Processes

Technology and policy can only go so far. Jennifer Clark emphasizes that employee behavior is the biggest wildcard in SaaS compliance. To reduce risk, her team continuously reviews processes to stay ahead of creative workarounds.

“I would say people. And the reason I say that is because in my journey as an asset manager, I have come across no shortage of employee ingenuity to work around the processes. There’s always going to be gaps and loopholes in your processes. But it’s taking the time to continuously review those processes, review what’s going on, to improve what you have in place—and then keep moving to that next level.”

Don’t Try to Fix Everything—Build Strategically

SaaS Management at scale can’t happen all at once. Jennifer Clark urges SAM leaders to start small, stay focused, and scale intentionally to avoid burnout and deliver long-term value.

“Trying to boil the ocean is something I would say to avoid. You have to be a little strategic about it. Zylo is great when you’re doing your implementation plan because they start you out—10 to 15 apps, let’s do it 100%, and then you move to the next group. Too many people in SAM try to do everything all at once and they either get burned out or they get discouraged. So it’s important to be really methodical. I like to use the metaphor of a puzzle or a Lego set. You don’t just toss a puzzle on a table and do it all at one time. You start off with one section and you build that, and then you move on to the next section and build it. And that’s really how you have to work with SAM.”

Top Quotes

04:28 “The thing that auditors look for is if you have your processes documented.”

08:34 “Any security person will tell you: you can’t secure what you don’t know you don’t have.”

14:04 “I have come across no shortage of employee ingenuity to work around the processes. That’s where the real risk lives.”

15:59 “Build a library of all your applications… You want to be able to adequately tell [auditors] with confidence, this is my list of certified applications.”

If you’re a SAM leader facing growing audit pressure, Jennifer’s story is a blueprint for turning scattered systems into a structured program and making SaaS audit readiness a continuous, collaborative part of your SaaS strategy.

Want more stories like this? Subscribe to SaaSMe Unfiltered on your favorite podcast platform.