|
Is it possible to mix SSO and application username & password accounts?
|
|
1
|
152
|
30 July 2021
|
|
Does the solution integrate with Azure Active Directory?
|
|
1
|
122
|
30 July 2021
|
|
Do user passwords expire?
|
|
1
|
139
|
30 July 2021
|
|
Are accounts deactivated if not used for an amount of time?
|
|
1
|
129
|
30 July 2021
|
|
When do sessions timeout for authenticated users?
|
|
1
|
148
|
30 July 2021
|
|
How are new Alloy users notified when their account is created?
|
|
1
|
123
|
30 July 2021
|
|
Does the solution support the reuse of the GoogleID/Azure ID via OAuth2/OpenID Connect?
|
|
1
|
177
|
30 July 2021
|
|
What additional controls are in place to support the unauthorised access of data?
|
|
1
|
134
|
30 July 2021
|
|
Are users shown that a failed login was a username or password that was incorrect?
|
|
1
|
128
|
30 July 2021
|
|
What is the password reset process?
|
|
1
|
142
|
30 July 2021
|
|
Is the password policy configurable?
|
|
1
|
153
|
30 July 2021
|
|
OWASP suggests methods of storing passwords, do you follow this methodology?
|
|
1
|
152
|
30 July 2021
|
|
What process do you use for cleaning data from reusable drives?
|
|
1
|
96
|
30 July 2021
|
|
Do you have any rhetorical incident process where we must report to you?
|
|
1
|
87
|
30 July 2021
|
|
How often do you review the security of your suppliers in relation to subcontracted services?
|
|
1
|
71
|
30 July 2021
|
|
Do you perform security related due diligence against your own suppliers?
|
|
1
|
74
|
30 July 2021
|
|
Does the organisation hold any Cyber or Information Security insurance?
|
|
1
|
87
|
30 July 2021
|
|
Would you be willing to provide the relevant scope/SoA of the ISMS?
|
|
1
|
78
|
30 July 2021
|
|
Does the Yotta hold ISO 27001 Part 2 accreditation?
|
|
1
|
113
|
30 July 2021
|
|
Can you provide your ICO Data Protection Register Number?
|
|
1
|
85
|
30 July 2021
|
|
Are Information Security responsibilities written into your staff employment contracts?
|
|
1
|
60
|
30 July 2021
|
|
Does Yotta have a dedicated resource/team responsible for Information Security?
|
|
1
|
68
|
30 July 2021
|
|
In the event of a security incident/hotfix, what information can be shared?
|
|
1
|
74
|
30 July 2021
|
|
Can Alloy make best use of existing solutions where appropriate?
|
|
1
|
134
|
30 July 2021
|
|
In Alloy who has access to the data?
|
|
1
|
148
|
30 July 2021
|
|
Does the audit of data changes capture what it was and what it changed to?
|
|
1
|
78
|
30 July 2021
|
|
Would you be willing to share the results of pen tests performed on Alloy?
|
|
1
|
91
|
30 July 2021
|
|
Has your Alloy ever been pen tested? If Yes, how often is it tested?
|
|
1
|
120
|
30 July 2021
|
|
Are changes to the service assessed for any potential security impact?
|
|
1
|
109
|
30 July 2021
|
|
Are full release notes provided with each release?
|
|
1
|
104
|
30 July 2021
|