|
When do sessions timeout for authenticated users?
|
|
1
|
134
|
30 July 2021
|
|
How are new Alloy users notified when their account is created?
|
|
1
|
110
|
30 July 2021
|
|
Does the solution support the reuse of the GoogleID/Azure ID via OAuth2/OpenID Connect?
|
|
1
|
169
|
30 July 2021
|
|
What additional controls are in place to support the unauthorised access of data?
|
|
1
|
122
|
30 July 2021
|
|
Are users shown that a failed login was a username or password that was incorrect?
|
|
1
|
121
|
30 July 2021
|
|
What is the password reset process?
|
|
1
|
128
|
30 July 2021
|
|
Is the password policy configurable?
|
|
1
|
142
|
30 July 2021
|
|
OWASP suggests methods of storing passwords, do you follow this methodology?
|
|
1
|
143
|
30 July 2021
|
|
What process do you use for cleaning data from reusable drives?
|
|
1
|
87
|
30 July 2021
|
|
Do you have any rhetorical incident process where we must report to you?
|
|
1
|
77
|
30 July 2021
|
|
How often do you review the security of your suppliers in relation to subcontracted services?
|
|
1
|
60
|
30 July 2021
|
|
Do you perform security related due diligence against your own suppliers?
|
|
1
|
64
|
30 July 2021
|
|
Does the organisation hold any Cyber or Information Security insurance?
|
|
1
|
75
|
30 July 2021
|
|
Would you be willing to provide the relevant scope/SoA of the ISMS?
|
|
1
|
61
|
30 July 2021
|
|
Does the Yotta hold ISO 27001 Part 2 accreditation?
|
|
1
|
83
|
30 July 2021
|
|
Can you provide your ICO Data Protection Register Number?
|
|
1
|
77
|
30 July 2021
|
|
Are Information Security responsibilities written into your staff employment contracts?
|
|
1
|
52
|
30 July 2021
|
|
Does Yotta have a dedicated resource/team responsible for Information Security?
|
|
1
|
61
|
30 July 2021
|
|
In the event of a security incident/hotfix, what information can be shared?
|
|
1
|
62
|
30 July 2021
|
|
Can Alloy make best use of existing solutions where appropriate?
|
|
1
|
117
|
30 July 2021
|
|
In Alloy who has access to the data?
|
|
1
|
138
|
30 July 2021
|
|
Does the audit of data changes capture what it was and what it changed to?
|
|
1
|
64
|
30 July 2021
|
|
Would you be willing to share the results of pen tests performed on Alloy?
|
|
1
|
86
|
30 July 2021
|
|
Has your Alloy ever been pen tested? If Yes, how often is it tested?
|
|
1
|
110
|
30 July 2021
|
|
Are changes to the service assessed for any potential security impact?
|
|
1
|
97
|
30 July 2021
|
|
Are full release notes provided with each release?
|
|
1
|
91
|
30 July 2021
|
|
Is the software subject to formal release management?
|
|
1
|
92
|
30 July 2021
|
|
Is the software subject to formal change management?
|
|
1
|
84
|
30 July 2021
|
|
Has the software been security tested with an automated product?
|
|
1
|
75
|
30 July 2021
|
|
Does any part of the solution being provided contain proprietary software?
|
|
1
|
86
|
30 July 2021
|