Due Diligence and Ongoing Monitoring

  • 1.  Questionnaire for Ongoing monitoring

    This message was posted by a user wishing to remain anonymous
    Posted 9 days ago

    Can you share the questionnaire you use and send for ongoing monitoring of critical vendors to whom you send personal / regulated data? Is it the same as the one used during vendor onboarding?

    Appreciate your help. 

    Thank you. 



  • 2.  RE: Questionnaire for Ongoing monitoring

    Posted 5 days ago

    Check out a SigLite questionnaire.

  • 3.  RE: Questionnaire for Ongoing monitoring

    Posted 5 days ago

    Yes, Shared Assessments' SIG and SIGLite are good (https://sharedassessments.org/sig/), but make sure you fully utilize your vendors' security certifications and other compliance reports like SOC 2 first, as these assessments are largely duplicative (although not wholly). 
    Blindly sending these long questionnaires actually reduces the quality of your vendor's security postures because they spend SO much time answering duplicative questions when that time should be spent working on improving and/or monitoring their security.
    Frank M. Delker, CPA, CISA, CIPM 

    Sr. Director of Compliance
  • 4.  RE: Questionnaire for Ongoing monitoring

    Posted 5 days ago

    Will forward you - your email id