General Compliance Information
1. Check off each of the compliance requirements that apply to your firm:
2. Does your company take credit cards as a form of payment?
3. Does your company have annual 3rd-party audits?
4. What is the name of your compliance officer (if in-house) or of your 3rd-party contact?
Security Testing
1. When was the last time your company had an external penetration test done?
2. When was the last time your company had an internal security assessment done?
3. When was the last time your company had a full disaster recovery test done?
Physical Environment
1. Is your network equipment (server/switch/firewall/router) in a secure, locked location with restricted employee access?
2. Is there a mechanism in place to remotely wipe handheld devices of sensitive data if the handhelds are lost?
3. Are there security safeguards to prevent someone from accessing company data by using an external USB stick or external hard drive connected to a user computer?
Data Security
1. Are your security and system logs checked at least monthly?
2. Is there regular checking for system breaches?
3. Do periodic risk assessments occur?
4. Are checks made and records kept of intrusions and responses, including reports to regulators, notification of customers, actions taken, etc.?