Data protection checklist for SW/IT supplier DP experts checklist - SingleCase

Security checklist for your SW/IT supplier

1. Do You Train Your Staff Regularly on Data Protection?

2. What Features Do You Offer to Help Us Become GDPR Compliant?

  • How do you encrypt my data?
  • Which data are encrypted and which are not?
  • Do you have access to the encryption key and therefore unencrypted data?
  • Where is the encryption key stored?
  • Do you encrypt every object with a different key?
  • Do you ensure password quality (disallowing weak passwords)?
  • How do you store user passwords?
  • Do you use slow hashing functions to protect passwords?
  • Is 2-factor authentication used?
  • Is your architecture highly available (using load balancers, auto-scaling etc.)?
  • Are the data stored/backed up in multiple locations?
  • Is your SW architecture audited?
  • Is the source code periodically audited?
  • Do you do penetration testing?

3. Can You Process Customer Data Deletion Requests From Us? If So, How Quickly?

4. Do Any Third Parties Have Access to Our Customers’ Data?

5. What Data Breach Protection and Protocols Do You Have? Can You Detect Data Breaches?

  • What protection mechanisms do you use?
  • Which type of attacks can you detect?
  • How do you evaluate if the data has been compromised?
  • Have you identified possible disaster scenarios?
  • Is there a disaster recovery plan in place?

6. How Easy Is It to Export Data? Is All Data Ready for Portability Requests?

  • Which data can be exported?
  • How can I export the data? Do I need your help?
  • What is the format of the data (XLS, CSV/TXT, documents, etc.) and their structure?