Supplier Profile
Supplier Primary Contact
(optional)
required only when requesting an assessment!
(optional)
required only when requesting an assessment!
(optional)
Supplier Assessment
Does the supplier’s contract include the following list of Information Security controls?
- Data at-rest and in-transit protection
- Information Security awareness training for all staff with access to the Customer Information
- Cryptographic key management system
- Customer data breach notification
- Secure processes for management and disposal of Customer Information
- Limited access to the Customer Information based on the “Need to Know” and “Least Privilege” principles
Have you ever assessed the supplier's Information Security capabilities over the environment containing the Customer Information according to the requirements of an accepted security framework (e.g., ISO 27001, NIST Cybersecurity, PCI-DSS)?
Have you noticed any unresolved control weakness within the supplier environment that could have a major impact on the confidentiality or availability of the Customer Information?
(optional)
Acknowledgement
Please fill in all the mandatory fields!
Supplier Primary Contact
(optional)
required only when requesting an assessment!
(optional)
required only when requesting an assessment!
(optional)
Supplier Access
What category of data does the supplier hold or have access to?
(Select if applicable)
Which Crown Jewels does this supplier have access to?
(Select if applicable)
Should the audit function review the evidence of control implementation?