Are there any relevant policy, compliance or third-party attestation issues?
Before executing a security site assessment, service providers should establish the standards that the assessment must meet. Learn why it's important to identify standards such as relevant policies, compliance and third-party attestation.
Identifying relevant policies can greatly help focus the assessment. It may also surface areas that the client has already identified as potential gaps, such as through known policy exceptions or past audit results. Value-added resellers should also always ask whether the client is required to demonstrate compliance with any of the numerous security-related regulations and standards (e.g., PCI-DSS, SOX, HIPAA, GLBA, ISO 2700x and so on). This will clarify any synergies with, or impacts on, upcoming compliance audits or initiatives. Finally, the customer should be asked whether the results of testing will be used for attestation to third parties, in order to pre-establish clear standards for "pass/fail," any special deliverable content and format requirements, and ownership/reuse rights in the deliverables.