5 Steps To Responding To A Vendor Security Questionnaire

How to pass a vendor assessment test? During a previous job, I reviewed the security controls of many businesses that wanted to do business with a famous Hollywood Studio. We’d have an elaborate security questionnaire that we’d send out to vendors to fill up and submit. Having reviewed countless of these questionnaires, I developed a process to help me quickly identify the gaps:

#authentication – How do you provide access to your users? Do you have #MFA and/or #SSO enabled?

#datasecurity – Are you using a strong #encryption algorithm to encrypt data at rest and in transit? Are you rotating your keys at least on an annual basis?

#penetrationtesting – When was the last time you ran Penetration Testing on your application? Please note that a manual pen test is not the same as an automated #vulnerability scan.

#incidentresponse – Are you collecting all your logs in a centralized secure location and more importantly do you have a team to review the alerts generated by suspicious activities.

#patching – The simplest but often the most ignored one. Needs no explanation, hackers love it when you have unpatched vulnerabilities from the 2010s.

Are you sacrificing becoming a preferred provider for larger firms because you can’t pass their #cybersecurity audit? Careful Security is here to help!