Greco & Associates, LLC

Basic checklist for reviewing your backup and disaster recovery program:

  • Are all critical data and systems backed up regularly and securely?
  • Are the backups stored in a secure and offsite location?
  • Are the backups tested periodically for data integrity and restoration capabilities?
  • Does the disaster recovery plan include steps for restoring data and systems in a timely manner?

Basic checklist of questions to ask your vendors about third-party risk:

  • Do you have a documented security program and incident response plan?
  • How do you identify and manage risks related to data privacy and security?
  • Do you conduct regular security assessments and penetration testing?
  • Are your employees trained on security awareness and incident response?

Basic checklist of questions to prepare for an ISO or SOC audit:

  • Do you have a documented information security management system (ISMS)?
  • Are all security policies and procedures documented and up-to-date?
  • Have you conducted a risk assessment and developed a risk management plan?
  • Do you have a process for continuous monitoring and improvement of security controls?

Basic checklist of questions to ask about your security posture:

  • Do you have a security program in place, and is it documented and up-to-date?
  • Have you conducted a vulnerability assessment and penetration testing?
  • Are all security incidents logged, tracked, and resolved?
  • Have you implemented multi-factor authentication, encryption, and other best practices to protect data and systems?