From EDRM – Duke Law: Security Audit Questionnaire

Extract from article from EDRM – Duke Law

The Security Audit Questionnaire was designed primarily to help evaluate the security capabilities of cloud providers and third parties offering electronic discovery or managed services.

The tool is also useful as a self-checklist for organizations testing the security capabilities of their own in-house systems.

Use the questionnaire to assess an organization’s strength in protecting data from destruction or unauthorized access, as well as compliance with data-related legislation such as:

  • Gramm-Leach-Bliley Act (GLBA)
  • HIPAA
  • PCI DSS (Payment Card Industry)
  • Sarbanes-Oxley Act
  • Security breach notification laws

The tool sets out 74 separate criteria under seven categories. Use it to assign an importance or weight to each criterion, so that you can emphasize the criteria that are mission-critical and downplay those that matter less to your business.

Areas addressed include:

  • Risk Management
  • Asset Security
  • Communications and Networking Security
  • Identity and Access Management
  • Security Operations
  • Software Development Security

Download the Excel file here: Security Audit Questionnaire