ISO 27001 is commonly used for assessing supply chain and data breach risks during due diligence. This post provides a free ISO 27001 vendor questionnaire template for a high-level evaluation of vendor information security standards. Though this security assessment template only broadly covers Supply Chain Risk Management aspects of ISO 27001, it should still be sufficient for identifying potential deficiencies in a vendor’s security control strategy requiring further investigation.

New research from SecurityScorecard found that 98% of organizations have at least one vendor that’s had a breach in the last two years. Although this doesn’t necessarily mean affiliated organizations were affected by the breaches, it does emphasize the extensive range of potential exposure to indirect risks. Now more than ever, it’s crucial for vendors to develop a deep understanding of security questionnaires and to implement best practices.

FedRAMP refers to the Federal Risk and Authorization Management Program, a US government-created program to smooth the connection between its federal agencies and cloud service providers. The General Services Administration (GSA) established FedRAMP Program Management Office (FedRAMP PMO) to help achieve the following goals: This post will examine the benefits of using FedRAMP and will provide an overview of the system and its requirements for cloud service offerings (CSOs).

ISO 9000 and ISO 9001 are terms that are often used interchangeably when discussing quality management at an organization, but they actually refer to separate things. While both are related to quality assurance and ISO certification, they have distinct differences in their fundamentals and approach.

In today’s world, it’s important for your employees to learn about security and privacy best practices not only for their day-to-day roles at your company, but also to help inform the myriad of security and privacy decisions they make in their personal lives every day.

The UK government’s Security Policy Framework (SPF) outlines the expectations and requirements for security measures to be implemented across UK government departments, and external agencies handling government information and data assets. The framework covers various aspects of information security, including governance, risk management, technology and services, and culture and awareness.

In the ever-changing world of technology, staying secure is a top priority for many organizations. Identifying and documenting system boundaries is essential for keeping data safe and secure, but what does this mean? In this article, we’ll explore system boundaries, how to identify them, and how to generate system boundary diagrams. By the end of this guide, you’ll be well-versed in understanding system boundaries and creating diagrams that can help keep your information secure!

Our team has been hard at work creating updates and new features just for you, see what we’ve been up to over the last month.

Designed to support the digital resiliency of financial institutions in the EU and UK, the Digital Operational Resilience Act is set to go in effect in January 2025. In this blog, we take a deep dive into what organizations must do in order to be compliant with this new legislation. Digital resiliency is one of the financial sector's most significant challenges today.

For SaaS applications and cloud service providers (CSPs), maintaining compliance with FedRAMP requirements is critical to the bottom line. It means the difference between working with U.S. government agencies—or not. But as one might expect from a bureaucratic process, getting FedRAMP authorization is complicated and takes time. Before starting the FedRAMP approval process, teams and company leaders must understand the required steps, prepare thoroughly, and muster their patience.