Due Diligence and Ongoing Monitoring

  • 1.  Virtual Desktop /Support - questions on due diligence needed

    Posted 08-03-2022 02:27 PM
    We have a vendor that would be providing our IT team with support. They would:
    * have access to services that support our use of Microsoft's Cloud products and if they need to check and ensure things are working, any activity is recorded.
    * train our employees and comply with our information security policies and report any exposures or incidents

    What, if anything beyond the "basic" due diligence (COI, W9, business license, financials), would you request from them?


  • 2.  RE: Virtual Desktop /Support - questions on due diligence needed

    Posted 08-10-2022 07:46 AM
    Hello, just a couple of suggestions. I would make sure that you have a Non-Disclosure with them specific to GLBA compliance, and I would request their Security Policy and HR Policy (specifically hiring practices with criminal background checks and that they are an equal opportunity employer). Since they are supporting Microsoft Cloud, you have the right to seek any such certifications their techs may have. Hope this helps.

    Paul

    ------------------------------
    Paul P Pelletier
    ------------------------------