Information security
Information security | Supplier's response |
---|---|
Do you have a policy that describes how employees may work remotely regarding the operation, management, and support of the services delivered? | Yes |
Do you have processes and routines in place for background checks on staff? | Yes |
Have you signed a confidentiality agreement (NDA) with your employees? The confidentiality agreement must include information about your customers. | Yes |
Do you have agreements that ensure confidentiality for subcontractors (NDA)? | Yes |
Do you regularly conduct staff training to increase information security awareness? | Yes |
Describe what measures you have in place for violations of information security rules. | n/a |
Do you have documented rules, routines, and roles that describe the permitted use of the resources included in the delivery? | No |
Do you have routines and features for permanently deleting information related to the delivery? (The supplier must, on request, be able to present evidence that this has happened.) | No |
Do you conduct regular risk assessments for the system/service/application? | No |
What routines do you have for information management? | Documents and procedures |
What are your guidelines for system administration accounts? | Internal information |
Briefly describe what encryption routines you have in place. | Internal information |
Do you encrypt all communications, and which encryption technologies are used? | n/a |
Describe your data destruction procedures. What happens to customer data if a customer leaves you? How do you handle the decommissioning or temporary management of databases and storage media holding customer-related information? Within what time period is it managed? | We don’t store customer data. All data is stored in your SharePoint tenant |