This message was posted by a user wishing to remain anonymous
For your vendors that host customer data, any best practices you utilize for ongoing monitoring aside of annual SOC reviews and annual key document review/collection? As an example, sending out semi-annual cyber questionnaires asking specific questions to get some assurance? If anyone has any best practices such as these including what questions you include please share.