Information Security


Welcome to the Information Security Community. Here you will find the latest discussions and resources that can help you in this area. This community is dedicated to discussions related to SOCs, business continuity and disaster recovery planning, cybersecurity, and other information security topics and challenges. Note: You will need to Sign In to join in the discussions and access resources. 

About Third-Party Information Security: You're expected to understand your vendor's approach to security. Verifying that a vendor's information security practices are sound is vital to safeguarding your data. This verification needs to be a requirement, since the protection of your data, regardless of the size of your organization, and the protection of each individual customer are fundamental to the success of your organization.

Latest Discussion Posts

  • Ongoing Monitoring for vendors holding PII

    This message was posted by a user wishing to remain anonymous. For your vendors that host customer data, any best practices you utilize for ongoing monitoring aside from annual SOC reviews and annual key document review/collection? As an example, sending ...

  • RE: FedRAMP

    My opinion would be to accept FedRAMP certification as an alternative to a SOC report for performing due diligence on an organization's IT infrastructure. FedRAMP audits are more specific and in-depth than SOC reports which can be adjusted by the organization ...

  • FedRAMP

    This message was posted by a user wishing to remain anonymous. Hello, is FedRAMP an acceptable alternative to a SOC report? Our potential vendor does not have a SOC report. Thanks in advance for your response.

  • I too agree with Dave and the other post; however, I will offer some additional insight (if you will indulge me with a little storytelling). My personal information was first stolen in 1985. Some IT guy left backup tapes in the back seat of his car ...

  • This message was posted by a user wishing to remain anonymous. Because the question is a bit ambiguous, will answer in two parts. 1) On-site inspection of information security at data centers: If the question is asking about physical security at data ...
