Smith Capital Vendor Questionnaire
Name of Individual Completing
First Name
Last Name
Email
Title
Company
Describe any material changes to your firm that were made over the past year.
Have there been any departures of key employees at your firm? If yes, please provide detail.
When was the last back-up and recovery process tested? Were there any material issues or changes to your back-up and recovery process?
What was the date of your last disaster recovery exercise? Please provide a summary of the results and/or a copy of your Disaster Recovery and Business Continuity Plan.
Is a background check required for all employees accessing and handling the organization's data?
Yes
No
Do all staff receive information security awareness training? If yes, how often is training conducted? What topics have recently been covered in your employee training?
Do you periodically assess the security controls in your organization?
Yes
No
How often and who oversees this process?
Is antivirus software installed on data processing servers?
Yes
No
Is antivirus software installed on workstations?
Yes
No
Are system and security patches applied to workstations on a routine basis?
Yes
No
Is access restricted to systems that contain sensitive data?
Yes
No
Are network boundaries protected by firewalls?
Yes
No
Is physical access to data processing equipment (servers and network equipment) restricted?
Yes
No
Do you maintain an inventory of data, information, and vendors?
Yes
No
Do you conduct penetration testing? If Yes, please provide detail regarding the testing.
Is regular network vulnerability scanning performed? If Yes, please provide detail regarding the scanning.
Are Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS) used by your organization?
Yes
No
Are employees required to use a VPN when accessing the organization's systems from all remote locations? If no, please explain how employees access systems remotely.
Do you maintain policies and procedures detailing specified actions to undertake, including who to contact if sensitive information was lost, stolen, or unintentionally disclosed/misdirected? If so, please summarize or provide.
If an information security breach occurred, how would we be notified of the breach? Does the organization have a formal Incident Response plan?
Does MachineLogic outsource its data storage? If yes, who do you use to outsource data storage?
Has MachineLogic experienced an information security or any cybersecurity breach in the past five years?
Yes
No
If so, please describe the remediation steps taken. Please provide detail if Smith Data was included in the breach:
Does the organization receive a SOC 1 / SSAE 16 / SSAE 18 / SOC 2 Report, or any audit report conducted by a third party? If yes, please provide a copy. If it is your policy to not send out the report, please provide a summary.
Please provide a summary of your insurance coverage, including any cybersecurity insurance coverage.
Please provide any additional support or comments.
Are employees subject to a Code of Conduct or similar policy? If so, please provide the policy.
Yes
No
Have there been any material violations of the Code of Conduct policy in the past two years?