
Data Security Vendor Checklist

Vendor Data Compliance Management is the process by which an organization understands and controls the risks that arise when its data is shared with, or stored by, third parties.  Data now moves between multiple vendors continuously, so knowing where that data resides and how each vendor secures it is a critical component of any Data Management Plan.

As data breaches become more common, the risk of not understanding how a vendor secures your data is too large to accept.  With an effective vendor data compliance management plan in place, you can identify, mitigate, and better control that risk while improving the security posture of your organization.  Third-party risk management is also a requirement under HIPAA, PCI DSS, 23 NYCRR 500, and SOC 2.


Technology Org Chart

The Technology Organization Chart is an easy template for building out a list of the services, applications, and vendors in use, which in turn supports a proper data classification and security plan.  The Technology Org Chart is a fast way to kickstart your understanding of data security.

Acceptable Use Policy

This Acceptable Use Policy covers the security and use of all {ORGANIZATION NAME’s} (COMPANY) technology equipment, data, and other resources.

Effective security is a team effort involving the participation and support of every COMPANY employee (temporary, contract, salaried, and others paid by COMPANY) and affiliate (contractors, agents, and third parties) who deals with information and/or information systems. It is the responsibility of every computer user to know these guidelines and to conduct their activities accordingly.  This policy applies to all COMPANY employees and affiliates who access or use any of the above resources (hereafter referred to as 'individuals').

Data Classification Policy

The purpose of this policy is to establish a framework for classifying data based on its sensitivity, value and criticality to the organization, so sensitive corporate and customer data can be secured appropriately.

Data Management Policy

The purpose of this policy is to govern how the company gathers and uses data about customers, suppliers, business contacts, and employees, as well as other proprietary and confidential data the company holds.  The policy describes how this data must be collected, handled, and stored to meet data protection standards and comply with the law.

Essential Employee Sample Letter (Technology)

This sample letter documents that an employee has been designated as an Essential Worker by your company in accordance with the Department of Homeland Security advisory memorandum on ensuring the essential critical infrastructure workforce's ability to work during the COVID-19 response, dated December 16, 2020.

During a government-mandated lockdown, employees should carry this document while traveling for work purposes.

Incident Response Plan

The Incident Management Plan has been developed to provide direction and focus to the handling of information security incidents that adversely affect Information Resources.

The Incident Management Plan applies to any person or entity charged by the Incident Response Commander with a response to information security related incidents at the organization, and specifically those incidents that affect Information Resources.

The purpose of the Incident Management Plan is to allow the organization to respond quickly and appropriately to information security incidents.


Mobile Device Policy

Personal computing devices (smart watches, smartphones, tablets, convertible laptops, and others) have become standard in today's computing environment.  Their size, portability, and increasing functionality make them attractive replacements for traditional desktops, and they are increasingly used for work-related purposes.  However, the same portability also increases the security exposure of both the individual and the organization.


© 2021 The Morning Breach, All Rights Reserved. Produced and Created by Scott R Davis