I see these a lot as well and most of them seem to come from ISO 27000. ❧ Brian Mathis
On Wed, Oct 30, 2013 at 1:46 PM, Edward Ned Harvey (lopser) <[email protected]> wrote:
> At a 3rd party communication service vendor where I work, we occasionally (borderline regularly) see 3rd party security questionnaires from prospective customers, which are almost identical. Questions like:
>
> Has an information security policy been implemented?
>
> Is there an access control policy based on the principle of least privilege that has been implemented and communicated to all employees?
>
> Are procedures in place to register and revoke individuals from resource access control lists?
>
> Are controls in place to provide access for authorized users based on business need and least privilege?
>
> And so on, for pages and pages.
>
> My question is - there's so much similarity in these questionnaires, I'd like to know where they come from. We'd like to prepare our "standard" one of these questionnaires, and when customers request one to be completed, we'd like to give them our standard generic version, to hopefully cut out a lot of the work necessary to complete them.
>
> If I can't find a source of a "generic" one, I'm going to have to create one from scratch, based on a difficult hand-merge of customer specific versions of these questionnaires we've received from customers.
>
> Do any of you use such questionnaires? (I'm sure some do.) Where did you get it from originally?
>
> _______________________________________________
> Discuss mailing list
> [email protected]
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
> This list provided by the League of Professional System Administrators
> http://lopsa.org/
