Security Assessments, Security Questionnaires, Vendor Assessments, Technical RFPs – whatever you call them – are unavoidable in the world of SaaS and are a pain to complete. Moreover, they’re a big part of closing new opportunities and maintaining or upselling existing accounts. But what many people don’t realize is that the Security Assessment response process can be made less painful and, dare we say, fun!
To make your security questionnaire process a little bit faster, we're going to share some common questions that tend to appear so you can get a leg up on building our your security questionnaire response content.
Common questions we typically see:
- Are employees subject to background checks? Please describe the type and level of background check.
- Are employees required to sign NDA or confidentiality agreements?
- Describe any employee access to client data.
- Is there a security incident management process in place? Please describe.
- How frequently are your information security policies reviewed?
- Is there a formal process for reporting and responding to privacy complaints or privacy incidents? Please describe.
- Are visitors permitted? Please describe what locations within your office(s) visitors have access to.
- Please describe security systems in place for visitors, including badges, supervision, and sign-in systems.
- Are closed-circuit cameras utilized at all entrances and exits in your offices?
- What third-party audits are regularly performed?
- What third-party security certifications does your organization have? When were these last updated?
- Does your organization run intrusion detection or intrusion protection on the network?
- Do you have alternate data centers in case of disasters?
- Does your solution support redundancy and load balancing?
- What is the recovery time from failure due to technical issues?
Our goal is to make your life simpler. So, here is a handy template to access these questions and more. Download it to get your Library started!
The answers to these questions will form the base of your security content library. Having a searchable Library will help make this content reusable so you and your team can leverage it for that next Security Questionnaire that comes in through the door!