Controls

Governance, Risk and Compliance

STATUS

CONTROL

Compliant

Privacy and Security Policy Notices

The organization publishes privacy policies, security notices, and terms of use for its products. Any changes are promptly and officially communicated to all customers.

Compliant

Risk Management Policy Development

The organization must have a risk management policy defining the risk management process, including identification, mitigation, monitoring, evaluation, and approval of risks.

Compliant

Maintain Approved Software and Vendor List

The organization maintains a list of approved software installations and vendors.

Compliant

Assess Vendor Risks

Technology/security risk assessments are conducted before engaging with any vendor involving data exchange, technical integration, or technology services.