- After a data breach, are your policies and procedures reviewed to determine if any modifications need to be made?
- How are your systems protected against newly discovered vulnerabilities or threats?
- Do you have an Access Control policy?
- Do you have a documented Destruction of Media policy?
- Describe what physical security measures you have in place for unauthorised access to any of your work space (i.e key fob/ID card)?
- Do you have any sub-processor contracts?
- Do you have a procedure in place to ensure we are notified without delay of a data breach concerning the personal data of our customers and/or employees?