The invention discloses a system security architecture based on an SaaS platform. The system security architecture comprises a user login module, a network server, an operation and maintenance management module and an operation and maintenance database, wherein the user login module is provided with an access control layer, and access control comprises identity authentication and authority management; the network server is provided with a security compliance layer, and the security compliance layer conforms to a GDPR; the operation and maintenance management module is provided with a management protection layer, and the management protection layer comprises a bastion host, a WAF and the like; and the operation and maintenance database is provided with an SSL encryption layer which comprises data encryption and decryption, file encryption and decryption service, cloud disk encryption, DLP, a hardware encryption machine, intrusion prevention and the like. The system security architecturesets the independent security protection layers respectively according to the main architecture of the SaaS system, and the independent databases are adopted among tenants on the platform, so that the user data isolation level is high, and the security is good.