4Service Inc. Managed Data Recovery Services
 
Security Policy

1. Is there a current, documented corporate security policy?
     Yes  - If Yes, please provide an overview of the pertinent details.
     No    - If No, do you think that such a policy could be of value to your organization?
     

2. Does the policy explicitly define "acceptable use" of all company resources?
     Yes      No      NA


3. Does the security policy specify the security responsibilities of managers and employees?
     Yes      No

Organizational Security

4. Is there an individual or organization responsible for overseeing the company's overall security program?
     Yes      No

5. Is there an individual or organization responsible for overseeing the company's security with respect to your company's external electronic business activities?
     Yes      No

6. Is there an individual or organization responsible for overseeing the company's security with respect to your company's third party relationships?
     Yes      No      NA

Asset Control & Classification

7. Is there an inventory of all business critical information and IT assets?
     Yes      No

8. Has your company published a formal privacy policy to all employees?
     Yes      No

9. Has your company's formal privacy policy been approved by legal counsel?
     Yes      No

Personnel Security

10. Are employees, consultants and contract personnel educated about their IT security responsibilities when hired?
     Yes      No

11. As part of the hiring/contracting process, are applicants for system administration, security administration, sensitive programming, and other positions requiring high level access to mission critical systems subject to background checks with law enforcement authorities (and government agencies if warranted)?
     Yes      No

12. Are there specific processes to control physical, logical on-site, and remote access of all third party contractors?
     Yes      No

Computer and Network Management

13. Are firewalls used to prevent unauthorized access on all connections from internal networks and systems to external networks?
     Yes      No

14. Are remote users authenticated before being allowed to connect to internal networks and systems?
     Yes      No

15. Are there documented operating procedures for security requirements of all mission critical systems?
     Yes      No

16. Are backup and recovery procedures documented for all mission critical systems?
     Yes      No

17. Are backups taken once per week, kept for at least two weeks and stored offsite in a secure location?
     Yes      No

18. Are recovery procedures tested at least quarterly?
     Yes      No

System Access Controls

19. Is there a documented access control policy for all mission critical systems?
     Yes      No

20. Are all access controls monitored for compliance?
     Yes      No

21. Are documented procedures in place for user and password management?
     Yes      No

22. Are there security requirements for systems, applications and files?
     Yes      No

Security Compliance

23. Are official company records safeguarded and controlled?
     Yes      No

24. Are there regular security reviews of IT systems by internal audit personnel or a trusted third party?
     Yes      No

25. Are there comprehensive penetration tests conducted at least once a month to verify the security of the company's perimeter network controls (e.g. firewalls, external routers, remote access servers, etc.)?
     Yes      No

26. Are all accesses to sensitive programs reviewed regularly for potential abuses and abnormalities?
     Yes      No

Business Contingency Planning

27. Are contingency plans in place for all mission critical business processes?
     Yes      No

28. Do contingency plans include provisions for returning to normal operations?
     Yes      No

29. Are business contingency plans tested at least annually?
     Yes      No

30. Are there fault tolerant or redundant connections to your critical business application servers?
     Yes      No

31. Which industry category(ies) best describes your company? (e.g. Finance, Healthcare, Legal, Entertainment)

     

4SERVICE, INC. THANKS YOU VERY MUCH FOR COMPLETING THIS CONFIDENTIAL SURVEY.

We will be happy to send you a FREE report of your company's Business Continuity Preparedness. To receive your report, please complete the form below.
I wish to receive my report via E-Mail at       
I wish to receive my report via FAX at    
I wish to receive my report via US Mail marked "CONFIDENTIAL"


Your Name:

Title:

Company Name:

Company Street Address:

City, State, ZIP Code:


Telephone Number:      Extension: