troubleshooting Question

Vendor Control Assessment

Avatar of Goraps
GorapsFlag for Canada asked on
ITIL* iso27001Security
2 Comments1 Solution181 ViewsLast Modified:
Looking for guidence on how to answer the following questions.. We are a small / medium company.

  1. Does your company have a written information security program designed to protect the confidentiality, integrity and availability of our information?  If the answer is yes, please note in the adjacent box whether it is recognized by any professional certification such as ISO27001, PCI-DSS AOC, SOC Type II reports, and if so, which one(s).

  1. Does your company have established controls for assessing and ongoing oversight of the adequacy of your own partners’ / suppliers’ IT Security postures? (Note - Leaning on contractual language / provisions is not the same.)  

  1. Does your company have a formalized, documented Corporate Incident Response policy and a formalized Breach Notification process?  
  2. We do not ....what is the best way to write one up?
ASKER CERTIFIED SOLUTION
btanExec Consultant
Join our community to see this answer!
Unlock 1 Answer and 2 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 2 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros