• Document: Client Security Risk Assessment Questionnaire
  • Size: 18.74 KB
  • Uploaded: 2018-12-08 23:00:41
  • Status: Successfully converted


Some snippets from your converted document:

Client Security Risk Assessment Questionnaire

Name of Company:
Company's Website:
Contact Person Completing the Assessment:
Email Address:
Phone Number:

Select the appropriate answer from the drop down in the Response column, and provide a brief description in the Comments section.

Columns: Information Security Assessment Questions | Response | Comments | Endeavor's Comments/Questions to Client responses

Organizational Information Security
1 Do you have a member of your organization with dedicated information security duties?
2 Is a background check required for all employees accessing and handling the organization's data?
3 Does the organization have written information security policies?
3.1 If yes, please provide copies when responding to this assessment
4 Does the organization have a written password policy that details the required structure of passwords?
4.1 How do you verify password strength?
5 Do all staff receive information security awareness training?
6 Does the organization have a Data Access Policy and are they willing to comply with the policies as well as the data protection guidelines?
7 Does the organization have a formal change control process for IT changes?
9 Will your company be processing credit cards?
9.1 If yes, is your company PCI DSS compliant?

General Security
10 Is antivirus software installed on data processing servers?
11 Is antivirus software installed on workstations?

Georgia Tech Third Party Security Assessment Prepared by: OIT-IS/vna Last Revised: 4/24/2012 1 of 5 Version: 3.0

12 Are system and security patches applied to workstations on a routine basis?
13 Are system and security patches applied to servers on a routine basis?
13.1 Are system and security patches tested prior to implementation in the production environment?
14 Do employees have a unique log-in ID when accessing data?
15 Does the organization have security measures in place for data protection?
15.1 If yes, please describe in the comments section
16 Is access restricted to systems that contain sensitive data (credit card numbers, social security numbers, HIPAA, & FERPA data)?
16.1 If yes, what controls are currently in place to restrict access?
17 Is physical access to data processing equipment (servers and network equipment) restricted?
17.1 If yes, what controls are currently in place?
18 Is there a process for secure disposal of both IT equipment and media?
18.1 If yes, please describe in the comments section

Network Security
19 Are network boundaries protected by firewalls?
20 Is regular network vulnerability scanning performed?
