Do requirements for non-disclosure or confidentiality agreements reflect the organization’s needs for the protection of data and operational details identified, documented and reviewed at planned intervals?
Does legal counsel review all third party agreements?
Is your organization insured by a 3rd party for losses?
Do your organization’s service level agreements provide remuneration for losses they may incur due to outages or losses experienced within your infrastructure?
Please upload a list of information security controls enforced as a part of the privacy law requirements
Can you provide the physical location/geography of storage of ‘s data upon request?
Do you have agreements which ensure your providers adhere to your information security and privacy policies?
Do you have a documented procedure for responding to requests for data from governments or third parties?
Do you store information subjected to any privacy laws and regulations?
Do you fully comply with the requirements you are subjected to?