Information Security


Welcome to the Information Security Community. Here you will find the latest discussions and resources that can help you in this area. This community is dedicated to discussions related to SOCs, business continuity and disaster recovery planning, cybersecurity, and other information security topics and challenges. Note: You will need to Sign In to join in the discussions and access resources. 

About Third-Party Information Security: You're expected to understand your vendor's approach to security. Verifying that a vendor's information security practices are sound is vital to safeguarding your data. This verification needs to be a requirement, since the protection of your data, regardless of the size of your organization, and the protection of each individual customer are fundamental to the success of your organization.

Latest Discussion Posts

  • RE: Information Security Policy Assessments

    This message was posted by a user wishing to remain anonymous.

    You mentioned PCI - I have a critical vendor that will have access to a lot of customer information beyond cardholder data. Their PCI indicates segmented - it is my understanding that ...

  • RE: Information Security Policy Assessments

    This message was posted by a user wishing to remain anonymous.

    Having been on both sides of the table... As a vendor, I never shared policies outside of the organisation as they were considered to be proprietary. There were times when a policy included ...

  • Information Security Policy Assessments

    This message was posted by a user wishing to remain anonymous.

    Similar to reviewing and assessing SOC reports, does anyone currently do assessments on your third-party vendors' information security policies? If so, would you be willing to share? Thanks ...

  • If your vendor relationship hasn't changed much, start by asking what has changed in the last 12 months (or 6 months, depending on your review frequency). From there, gather any relevant control documents that support the product/service hosted with the ...

  • I've attached the questionnaire we use annually.
