Do you have documented measures in place to protect PII?
Are role-based access methods used to ensure users are authorized to access only what is required per their job responsibility?
Are there file integrity and/or intrusion detection/prevention (IDS or IPS) tools implemented to help facilitate timely detection, investigation, and response to security incidents?
Are technical controls implemented to prevent the execution of malware on managed endpoint devices and applicable network and system infrastructure?
Does your system support SAML authentication for employees to access the data?
Will you have access to or receive any personally identifiable information (PII)?
Are there policies, procedures, and technical controls implemented to protect all wireless network environments from unauthorized access and traffic?
Are processes in place to ensure the timely removal of user access when it’s no longer needed per job function or at the time of termination?
Is information encrypted at rest (e.g., stored on disk) utilizing industry-accepted algorithms (e.g., AES-256)?
Where is information stored? (Non-Prod, Prod, Development, Back-Office, Local laptops/workstations)