• Access Code *
• Back

  Next

• Smith Capital Vendor Questionnaire

• Name of Individual Completing
  First Name Last Name
• Email *
  example@example.com
• Title
• Company
• Back

  Next

• Describe any material changes to your firm that were made over the past year.
• Has there been any departures of key employees at your firm? If yes, please provide detail.
• Back

  Next

• When was the last back-up and recovery process tested? Were there any material issue or changes to your back-up and recovery process?
• What was the date of your last disaster recovery exercise? Please provide a summary of the results and/or a copy of your Disaster Recovery and Business Continuity Plan.
• Browse Files

  Cancel of
• Browse Files

  Cancel of
• Back

  Next

• Is a background check required for all employees accessing and handling the organization's data?
  Yes No
• Do all staff receive information security awareness training? If yes, how often is training conducted?What topics have recently been covered in your employee training?
• Do you periodically assess the security controls in your organization?
  Yes No
• How often and who oversees this process?
• Back

  Next

• Is antivirus software installed on data processing servers?
  Yes No
• Is antivirus software installed on workstations?
  Yes No
• Are system and security patches applied to workstations on a routine basis?
  Yes No
• Is access restricted to systems that contain sensitive data?
  Yes No
• Are network boundaries protected by firewalls?
  Yes No
• Is physical access to data processing equipment (servers and network equipment) restricted?
  Yes No
• Do you maintain an inventory of data, information, and vendors?
  Yes No
• Back

  Next

• Do you conduct penetration testing?  If Yes, please provide detail regarding the testing.
• Is regular network vulnerability scanning performed? If Yes, please provide detail regarding the scanning.
• Are Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS) used by your organization?
  Yes No
• Back

  Next

• Are employees required to use a VPN when accessing the organization's systems from all remote locations?  If no, please explain how employees access systems remotely.
• Do you maintain policies and procedures detailing specified actions to undertake, including who to contact if sensitive information was lost, stolen, or unintentionally disclosed/misdirected. If so please summarize or provide.
• Browse Files

  Cancel of
• If an information security breach occurred, how would we be notified of the breach? Does the organization have a formal Incident Response plan?
• Back

  Next

• Does MachineLogic outsource its data storage? If yes, who do you use to outsource data storage?
• Has MachineLogic experienced an information security, or any cybersecurity breach in the past five years?
  Yes No
• If so please describe remediation steps taken. Please provide detail if Smith Data was included in the breach:
• Does the organization receive an SOC 1 / SSAE 16 / SSAE 18 / SOC 2 Report, or any audit report conducted by a 3rd party?  If yes, please provide a copy. If it is your policy to not send out the report please provide a summary.
• Browse Files

  Cancel of
• Back

  Next

• Please provide a summary of your insurance coverage, including any cybersecurity insurance coverage.
• Please provide any additional support or comments.
• Browse Files

  Cancel of
• Back

  Next

• Are employees subject to a Code of Conduct similar policy? If so please provide the policy.
  Yes No
• Browse Files

  Cancel of
• Have there been any material violations of the Code of Conduct policy in the past two years?
• Back

  Next

• Should be Empty: