Trust Examiner School eBook
Page 12
8.24 Provide any password-related policies, settings, and parameters. For example, password length and complexity requirements, screen lockout settings, and session expiration settings for all systems.

8.25 Describe any customer access and authentication controls implemented to safeguard and protect private data.

8.26 Provide a description of anyone with remote access, including third parties, employees, and Board members, designating the type of device that may be used (company owned or personal).

8.27 Provide a copy of any current IT or cybersecurity-related insurance policies.

8.28 Describe all cloud services used by the institution. Include Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

8.29 Describe the processes in place for network monitoring (e.g., performance, intrusion detection, web filtering) and network operations, indicate whether these activities are outsourced or performed in-house, and identify the products used.

8.30 Provide a list of all core applications, including online applications and network(s), and indicate whether the applications are outsourced or hosted in-house.
-- If outsourced, please provide the name and location of the third-party provider.
-- If in-house, please indicate whether the applications are developed and maintained in-house or are a third-party software product.
-- Include the product name and third-party provider name and location for software products.

8.31 Please provide a list of anyone with physical access to stored data or IT-related assets, including servers, printers, and communications equipment.