Please describe your process and method for notifying clients about information security incidents that have or are suspected to have impacted their data
How long will your organization retain our confidential information? Select all that apply
How do you dispose of confidential information when it is not longer retained? Select all that apply.
Please select all process steps included in your organization’s formal, documented incident response
Please select who is ultimately notified of incidents. Select all that apply
Does your organization or a third party such as a data center or storage facility have physical custody of paper documents, electronic media, computer storage devices, or other technology that stores client confidential information?
Does your organization have an incident response policy or process?
Does your organization engage one or more qualified, independent parties to audit and or assess its information security program?
Does the company have an information classification scheme that classifies all sensitive, proprietary and non-public personal information managed by the organization?
Please attach all the relevant documents