OWASP suggests methods of storing passwords, do you follow this methodology?
|
|
1
|
91
|
30 July 2021
|
What process do you use for cleaning data from reusable drives?
|
|
1
|
69
|
30 July 2021
|
Do you have any rhetorical incident process where we must report to you?
|
|
1
|
55
|
30 July 2021
|
How often do you review the security of your suppliers in relation to subcontracted services?
|
|
1
|
46
|
30 July 2021
|
Do you perform security related due diligence against your own suppliers?
|
|
1
|
49
|
30 July 2021
|
Does the organisation hold any Cyber or Information Security insurance?
|
|
1
|
61
|
30 July 2021
|
Would you be willing to provide the relevant scope/SoA of the ISMS?
|
|
1
|
45
|
30 July 2021
|
Does the Yotta hold ISO 27001 Part 2 accreditation?
|
|
1
|
62
|
30 July 2021
|
Can you provide your ICO Data Protection Register Number?
|
|
1
|
56
|
30 July 2021
|
Are Information Security responsibilities written into your staff employment contracts?
|
|
1
|
40
|
30 July 2021
|
Does Yotta have a dedicated resource/team responsible for Information Security?
|
|
1
|
47
|
30 July 2021
|
In the event of a security incident/hotfix, what information can be shared?
|
|
1
|
42
|
30 July 2021
|
Can Alloy make best use of existing solutions where appropriate?
|
|
1
|
91
|
30 July 2021
|
In Alloy who has access to the data?
|
|
1
|
97
|
30 July 2021
|
Does the audit of data changes capture what it was and what it changed to?
|
|
1
|
44
|
30 July 2021
|
Would you be willing to share the results of pen tests performed on Alloy?
|
|
1
|
62
|
30 July 2021
|
Has your Alloy ever been pen tested? If Yes, how often is it tested?
|
|
1
|
81
|
30 July 2021
|
Are changes to the service assessed for any potential security impact?
|
|
1
|
77
|
30 July 2021
|
Are full release notes provided with each release?
|
|
1
|
74
|
30 July 2021
|
Is the software subject to formal release management?
|
|
1
|
72
|
30 July 2021
|
Is the software subject to formal change management?
|
|
1
|
66
|
30 July 2021
|
Has the software been security tested with an automated product?
|
|
1
|
58
|
30 July 2021
|
Does any part of the solution being provided contain proprietary software?
|
|
1
|
65
|
30 July 2021
|
Has an SDLC (Software Development Lifecycle) been applied to the development of your software?
|
|
1
|
96
|
30 July 2021
|