https://docs-hugo-4dl.pages.dev/docs/virto-security-frequently-asked-questions-faq/application-for-approval-of-a-new-it-service/Recent content in Application for approval of a new IT service on Virtosoftware Guides & DocsHugoen-usFri, 08 Nov 2024 18:43:03 +0000https://docs-hugo-4dl.pages.dev/docs/virto-security-frequently-asked-questions-faq/application-for-approval-of-a-new-it-service/maintenance/Fri, 08 Nov 2024 18:43:03 +0000https://docs-hugo-4dl.pages.dev/docs/virto-security-frequently-asked-questions-faq/application-for-approval-of-a-new-it-service/maintenance/<figure class="wp-block-table"><table class="has-fixed-layout"><thead><tr><th>Maintenance</th><th>Supplier's response</th></tr></thead><tbody><tr><td>Are there logging functions for security-related events, and if so, which events do you log?</td><td>Nothing</td></tr><tr><td>How do you protect logging features and logging tools against tampering and unauthorized access, including from your own staff?</td><td>n/a</td></tr><tr><td>Describe how you inform customers about technical vulnerabilities. How and when do you report that you have discovered a vulnerability or leak?</td><td>Via email immediately</td></tr><tr><td>Describe what you use for principles and methods for developing secure systems.</td><td>n/a</td></tr><tr><td>Do you have guidelines for information security in your development processes? How are these applied to major changes?</td><td>n/a</td></tr><tr><td>The supplier must have routines for reviewing and testing the availability and security of changes to business-critical operating platforms. Describe your routines for reviewing and testing the availability and security of changes to business-critical operating platforms.</td><td>n/a</td></tr><tr><td>Do you have documented routines for monitoring, detecting, analyzing, reporting, escalating, and handling security events and security incidents?</td><td>n/a</td></tr><tr><td>Do you follow the routines for handling safety incidents from current laws and regulations?</td><td>n/a</td></tr><tr><td>Briefly describe your routines to ensure the availability of the system/application.</td><td>Internal information</td></tr><tr><td>Describe your routines for continuity and disaster management. How is our data protected from a reliability and accessibility perspective?</td><td>Data is always stored on your side. We don’t have access to it.</td></tr><tr><td>What are your SLA levels? (What do you guarantee for availability/uptime?)</td><td>Same as Azure</td></tr><tr><td>How often is data backed up?</td><td>We don’t store data</td></tr></tbody></table></figure>https://docs-hugo-4dl.pages.dev/docs/virto-security-frequently-asked-questions-faq/application-for-approval-of-a-new-it-service/data-security/Fri, 08 Nov 2024 18:42:28 +0000https://docs-hugo-4dl.pages.dev/docs/virto-security-frequently-asked-questions-faq/application-for-approval-of-a-new-it-service/data-security/<figure class="wp-block-table"><table class="has-fixed-layout"><thead><tr><th>Data security</th><th>Supplier's response</th></tr></thead><tbody><tr><td>How do you store credentials, such as passwords? (It also applies to system accounts in source code).</td><td>n/a, you install an app in your SharePoint and use your Office 365 credentials</td></tr><tr><td>Do you have rules that staff follow regarding how authentication information is handled?</td><td>n/a</td></tr><tr><td>Briefly describe how you allocate and update permissions for users and system components.</td><td>n/a</td></tr><tr><td>The supplier must protect and ensure that there is traceability in the tools intended for system maintenance, their security configuration, and their information. How do you protect these tools?</td><td>n/a</td></tr><tr><td>Do you own and operate your own data center, or is it outsourced to a third-party or cloud-based solution such as AWS/Azure? To whom is it outsourced?</td><td>We store it in Azure.</td></tr><tr><td>If you have your data center, what level of protection does it have?</td><td>n/a</td></tr><tr><td>Do you have routines that ensure that only authorized personnel have physical access to any potential data centers?</td><td>n/a</td></tr><tr><td>The supplier must have routines regarding change management for the parts that may affect the delivery’s security and availability. Do you have routines regarding change management for components, systems, and other factors that may affect the security and availability of the delivery?</td><td>n/a</td></tr><tr><td>What malware protection do you use, and how often is it updated?</td><td>n/a</td></tr><tr><td>What security measures have you implemented against unauthorized access and unauthorized information modifications?</td><td>Internal information</td></tr><tr><td>Which authentication solution have you opted for?</td><td>n/a</td></tr><tr><td>Do you have routines for conducting security tests, such as penetration testing?</td><td>n/a</td></tr><tr><td>How do you mitigate any security incidents?</td><td>n/a</td></tr></tbody></table></figure>https://docs-hugo-4dl.pages.dev/docs/virto-security-frequently-asked-questions-faq/application-for-approval-of-a-new-it-service/information-security/Fri, 08 Nov 2024 18:40:11 +0000https://docs-hugo-4dl.pages.dev/docs/virto-security-frequently-asked-questions-faq/application-for-approval-of-a-new-it-service/information-security/<figure class="wp-block-table"><table class="has-fixed-layout"><thead><tr><th>Information security</th><th>Supplier's response</th></tr></thead><tbody><tr><td>Do you have a policy that describes how employees may work remotely regarding the operation, management, and support of the services delivered?</td><td>Yes</td></tr><tr><td>Do you have processes and routines in place for background checks on staff?</td><td>Yes</td></tr><tr><td>Have you signed a confidentiality agreement (NDA) with your employees? The confidentiality agreement must include information about your customers.</td><td>Yes</td></tr><tr><td>Do you have agreements that ensure confidentiality for subcontractors (NDA)?</td><td>Yes</td></tr><tr><td>Do you regularly conduct staff training to increase information security awareness?</td><td>Yes</td></tr><tr><td>Describe what measures you have in place for violating information security rules.</td><td>n/a</td></tr><tr><td>Do you have documented rules, routines, and roles that describe the permitted use of the resources included in the delivery?</td><td>No</td></tr><tr><td>Do you have routines and features for permanently deleting information related to the delivery? (The supplier must, on request, be able to present evidence that this has happened.)</td><td>No</td></tr><tr><td>Do you conduct regular risk assessments for the system/service/application?</td><td>No</td></tr><tr><td>What routines do you have for information management?</td><td>Documents and procedures</td></tr><tr><td>What are your guidelines for system administration accounts?</td><td>Internal information</td></tr><tr><td>Briefly describe what encryption routines you have in place.</td><td>Internal information</td></tr><tr><td>Do you encrypt all communications, and which encryption technologies are used?</td><td>n/a</td></tr><tr><td>Describe your data destruction procedures. What happens to customer data if a customer leaves you? How do you handle the decommissioning or temporarily managing databases and storage media holding customer-related information? Within what time period is it managed?</td><td>We don’t store customer data. All data is stored in your SharePoint tenant</td></tr></tbody></table></figure>