• Access Code*
• Back

  Next

  Save

• Smith Capital Vendor Questionnaire

• Name of Individual Completing
  First NameLast Name
• Email*
  example@example.com
• Title
• Company
• Back

  Next

  Save

• Describe any material changes to your firm that were made over the past year.
• Has there been any departures of key employees at your firm? If yes, please provide detail.
• Back

  Next

  Save

• When was the last back-up and recovery process tested? Were there any material issue or changes to your back-up and recovery process?
• What was the date of your last disaster recovery exercise? Please provide a summary of the results and/or a copy of your Disaster Recovery and Business Continuity Plan.
• Browse Files

  Cancelof
• Browse Files

  Cancelof
• Back

  Next

  Save

• Is a background check required for all employees accessing and handling the organization's data?
  YesNo
• Do all staff receive information security awareness training? If yes, how often is training conducted?What topics have recently been covered in your employee training?
• Do you periodically assess the security controls in your organization?
  YesNo
• How often and who oversees this process?
• Back

  Next

  Save

• Is antivirus software installed on data processing servers?
  YesNo
• Is antivirus software installed on workstations?
  YesNo
• Are system and security patches applied to workstations on a routine basis?
  YesNo
• Is access restricted to systems that contain sensitive data?
  YesNo
• Are network boundaries protected by firewalls?
  YesNo
• Is physical access to data processing equipment (servers and network equipment) restricted?
  YesNo
• Do you maintain an inventory of data, information, and vendors?
  YesNo
• Back

  Next

  Save

• Do you conduct penetration testing?  If Yes, please provide detail regarding the testing.
• Is regular network vulnerability scanning performed? If Yes, please provide detail regarding the scanning.
• Are Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS) used by your organization?
  YesNo
• Back

  Next

  Save

• Are employees required to use a VPN when accessing the organization's systems from all remote locations?  If no, please explain how employees access systems remotely.
• Do you maintain policies and procedures detailing specified actions to undertake, including who to contact if sensitive information was lost, stolen, or unintentionally disclosed/misdirected. If so please summarize or provide.
• Browse Files

  Cancelof
• If an information security breach occurred, how would we be notified of the breach? Does the organization have a formal Incident Response plan?
• Back

  Next

  Save

• Does MachineLogic outsource its data storage? If yes, who do you use to outsource data storage?
• Has MachineLogic experienced an information security, or any cybersecurity breach in the past five years?
  YesNo
• If so please describe remediation steps taken. Please provide detail if Smith Data was included in the breach:
• Does the organization receive an SOC 1 / SSAE 16 / SSAE 18 / SOC 2 Report, or any audit report conducted by a 3rd party?  If yes, please provide a copy. If it is your policy to not send out the report please provide a summary.
• Browse Files

  Cancelof
• Back

  Next

  Save

• Please provide a summary of your insurance coverage, including any cybersecurity insurance coverage. 
• Please provide any additional support or comments.
• Browse Files

  Cancelof
• Back

  Next

  Save

• Are employees subject to a Code of Conduct similar policy? If so please provide the policy.
  YesNo
• Browse Files

  Cancelof
• Have there been any material violations of the Code of Conduct policy in the past two years?
• Back

  Next

  Save

• Should be Empty: