Here are some instructions on how to respond to Assured's security assessment.

Please answer the questions carefully, keeping in mind that the information is intended for disclosure to other companies.

The information you provide in the security assessment will be disclosed directly to the company that requested it. Once you have answered the assessment, you can also use the information to answer the next assessment. Please be careful not to save internal or corporate information in your responses.

Good

Question: Is it possible to output the list of service users' accounts as a CSV file?

Answer: Yes

Note: We do not have a CSV output function, but if you contact us, we can send you a CSV of the account list.

Bad

Question: Is it possible to output the list of accounts of service users as CSV?

Answer: Yes

Note: The list of accounts for Client A is here: https://internal.admin.example.com/csv/a/

For answers based on public information, please include the source of information.

If there is any public information, such as privacy policy or terms of use, please provide a link to it.

Good

Question: Do you use personal information (please state the purpose of use)?

Answer: Yes

Note:

(1) Use for our other services.

(2) To provide information on events, seminars, etc.

https://example.com/privacypolicy

Bad

Question: Do you use personal information (please indicate the purpose of use)?

Answer: Yes

Note:

(1) Use for other various services operated by the Company

(2) Invitations to events, seminars, etc.

Please answer not only for the measures implemented by your company but also the security measures for the entire cloud service.

If you use external platforms or subcontractors to provide services, please answer based on their security measures.

Good

Question: Please select the physical security of your data center

Answer: Restrict access by IC card, install surveillance cameras, monitor logs

Note: We are using IaaS.

Bad

Question: Please select the physical security of your data center

Answer: Not Applicable

Note: We use IaaS, so we do not have a data center

If you choose "Undisclosed" for the details of security measures implemented, please indicate so in the supplement.

If the answer is "Undisclosed" even though security measures are implemented, the score will be calculated with the same rating as "not implemented" in the security evaluation.

If you have implemented security measures, please select "Yes/Implemented" as an option and indicate in the supplement that the details are not disclosed.

Good

Question: Do you take backups of your data (please indicate the frequency)?

Answer: Yes

Note: Yes, but the frequency is not disclosed.

Bad

Question: Do you back up your data (indicate the frequency in the supplement)?

Answer: Undisclosed

Note: Yes, but the frequency is not disclosed.

回答が見つかりましたか?