The Security Questionnaire Vortex

September 7, 2020

It is a fact of our new evolving world of complex technology that most suppliers of goods or services have a supply chain that includes software, hardware or service providers. These providers are specialised at what they do and that’s why a good supply chain works. The better suppliers you have the better goods and services you can offer your customers.

But how do you ensure that your suppliers have good information security governance? How do you ensure they are meeting the requirements you are obliged to meet for your industry regulators or for your customers?

This is where the Security Questionnaire has become a “useful” tool. It provides a process for suppliers to report to their client what they do to govern information security in their organisation and protect the valuable information assets being shared with them as they work together to win the heart and mind of their end customer.

In theory it sounds good right? In reality, the Security Questionnaire has become lengthy and onerous and lets face it, a damn pain in the butt. It comes in many formats from a 355 questionnaire about detailed security controls to a 12 question form that only asks questions about a companies security policies.

You are not alone. These are problems being experienced throughout the industry.

Despite the great work industry bodies like OWASP and ISO and CCM and PCI have done create guidelines and standards to direct businesses to follow similar patterns of information security governance, InfoSecAssure has never seen two questionnaires that have been the same.

Why are all the questionnaire’s different? Because most businesses have unique challenges, they have unique people with various skill sets and they have unique goals.

For more information about how to deal with these challenges in your business please contact us.

Secure your business.

"assurance"

confidence or certainty in one's own abilities.

“The business has given us assurance that they have security in place to protect our information”

Our Difference

Established and lead by industry experts.

At the helm of our privately owned, global RegTech firm are industry experts who understand that security controls should never get in the way of business growth. We empower companies large and small to remain resilient against potential threats with easily accessible software solutions for implementing information security governance, risk or compliance measures.

We support businesses every step of the way.

We don't just throw a bunch of standards at you and let you try and figure it out! We have designed a thoughtful way of supporting all businesses consider, articulate and develop security controls that suit the needs of the organisation and provide clever reporting capability to allow insights and outcomes from security assessments to be leveraged by the business and shared with third parties.

Our customers are the heart of our company.

Our platform places customers at the heart of our design process, while providing access to expert knowledge. With simple navigation and tangible results, we guarantee that all data is securely encrypted at-rest and in transit with no exceptions – meeting international standards with annual security penetration testing and ISO 27001 Certification.