So a vendor calls you and wants to sell you a new application for your organization that, they claim, will help you be more secure and increase productivity. Good thing you have that vendor security checklist so that you can see if this new application and vendor conform to the security controls that your organization has put in place. Wait… you don’t have a checklist or know what one is? Let me help you with that.
A security checklist is a list of security controls that a vendor or application must meet. These controls can range from how storage backup is to be done to password complexity requirements. Having a checklist can help you decide whether the application or vendor conforms to your company’s security requirements.
When reviewing the checklist and analyzing the vendor’s answers, if you see gaps or have questions, make sure you call the vendor and get your questions answered. Making sure that the vendor or application conforms to your company’s security controls is a must, and a vendor security review should really be done yearly or, at the very least, every other year.
So this information is great, you say, but how do I go about creating a security checklist?
Creating a vendor security checklist can be a difficult task, but with help from the websites above and a review of your company’s policies, you should be able to create a list that will help you decide whether a vendor or application will conform to your company’s security requirements.
As always, let me know your thoughts.