Information Security

 View Only

Welcome to the Information Security Community. Here you will find the latest discussions and resources that can help you in this area. This community is dedicated to discussions related to SOCs, business continuity and disaster recovery planning, cybersecurity, and other information security topics and challenges. Note: You will need to Sign In to join in the discussions and access resources. 

About Third-Party Information Security: You're expected to understand your vendor's approach to security. Verifying a vendor’s information security practices are sound is vital to safeguarding your data. It needs to be a requirement since the protection of your data, regardless of the size of your organization, and the protection of each individual customer are fundamental to the success of your organization.

Latest Discussion Posts

  • I'm glad my answer was helpful! The CAIQ I mentioned before is designed to assess the security controls of all three providers – SaaS, IaaS, and PaaS. The questionnaire contains yes/no questions, which makes it easy to determine whether the provider is ... More

  • Good day Jamie, Thank you for this insightful information - much appreciated! What we attempt in our assessment (my team is only responsible for the Security assessment aspect) we have the basic questions in terms of Security posture, policies, ISMS ... More

  • Profile Picture

    RE: Vetting SaaS Vendors

    This message was posted by a user wishing to remain anonymous Thank you for this insightful information Christine! How would you recommend vetting for IaaS and PaaS supplier (only in terms of the Security Controls)? Anyone in the community using ... More

  • Michael, please see the HECVAT (Higher Education Cloud Vendor Assessment Tool) that's used by Universities to assess cloud vendors. These questions apply to any cloud vendor. Here's the link: Higher Education Community Vendor Assessment Toolkit | EDUCAUSE ... More

  • It might be difficult to develop a template to vet SaaS vendors, since this is such a broad category. However, I'll provide some best practices and recommendations that should help you get started in vetting SaaS vendors. Best practices for assessing ... More