Compliance With Customer IT Security Requirements
Do you have customers asking questions about your security?
You’re Not Alone! Vendor Risk Management is a growing area of concern for businesses that share information with other organizations.
A customer is requiring “proof” that you are secure. Often this takes the form of a security questionnaire you’re required to fill out, or a request for specific policies, or a request to perform an assessment, SAS70/SSAE16, etc.
This is good risk management on their side. The problem is that often the customer doesn’t have a good security program, so when they ask you for information about your security program, they may or may not know what they’re asking or why. You also likely don’t have an information security officer, and you may have no formal security program at all. So compliance with customer requests like this is difficult.
Don’t chase the compliance tail. Information security programs based on compliance (whether regulatory or customer-driven) are ineffective and costly.
Instead, let FRSecure help. We have built hundreds of information security programs. Our programs are based on your organization and your real risks. We know how to discuss security with the customers who are asking. We speak their language and can take “Customer Security Compliance” off your plate.