Due Diligence and Ongoing Monitoring

  • 1.  Software Vendors

    Posted 02-26-2020 10:04 AM
    I would like to see how some of my colleagues are vetting software vendors. When a new software vendor is given to you to provide due diligence on, to be used in your current environment, what are some of the things that you all check to make sure that they are in compliance with your company's standards?


  • 2.  RE: Software Vendors

    This message was posted by a user wishing to remain anonymous
    Posted 02-27-2020 12:10 PM

    There needs to be a disciplined process in place for evaluating any software. What type of information is going to be processed, stored or housed? Will it be in-house or outsourced? What sort of compliance rigor backs it up? Has there been adequate testing? If it fails, what is the recovery plan or risk to the business or the customers?