Teamwork Vendor Risk Assessment Form
Company Name
Brief description of data processing activities:
Name
First Name
Last Name
Email
Phone Number
Person in charge of security in your company:
First Name
Last Name
Product/Service - Security & Privacy
What is the nature of the partnership with Teamwork Commerce (TWC)?
Will the partnership require electronic exchange of data to/from TWC?
What type of data will be exchanged between systems/applications?
What security protocols are in place to secure any information that is exchanged digitally?
Is there a requirement to store any exchanged data after the exchange, and if so, for how long?
If the data is exchanged and not required to be saved, how is it destroyed?
If no data is exchanged between applications, do you still, in any way, collect TWC clients' customer information?
Information Security and Privacy
Do you have an Information Security policy?
Yes
No
If yes, please provide details:
Do you provide Information Security training to all your employees?
Yes
No
How frequently is the training repeated?
Do you perform phishing campaigns?
Yes
No
Is there an application and approval process for installing software on your corporate assets?
Yes
No
Does your organization process personally identifiable information (PII)?
Yes
No
Does your company have a dedicated security team?
Yes
No
If yes, how often?
Does the organization have any IDS/IPS systems in place?
Yes
No
Is there an EDR system in place?
Yes
No
Is there malware protection on all your corporate assets?
Yes
No
Does your company conduct periodic inventory checks to verify that no computers are missing?
Yes
No
Are all laptops, workstations, and server hard drives encrypted?
Yes
No
Is USB storage (for example, USB memory or external hard drives) allowed in your company?
Yes
No
Do you require strong passwords?
Yes
No
If yes, do they expire?
Yes
No
Do you enforce MFA (Multi-Factor Authentication) on all your systems?
Yes
No
Do you enforce MFA for all privileged accounts (such as Network or System Admins)?
Yes
No
Do you allow remote connection to your system?
Yes
No
Does your company perform vulnerability scans for all external facing servers?
Yes
No
Is there a patch management program in place?
Yes
No
Do you log security events?
Yes
No
Do you use a VPN (Virtual Private Network) to secure remote connections?
Yes
No
Do you employ a third party to test your infrastructure security?
Yes
No
Does the organization have a backup program?
Yes
No
Do you review physical and environmental risks?
Yes
No
Do you have procedures in place for business continuity in the event that your office is inaccessible?
Yes
No
Do you have a written policy for physical security requirements for your office?
Yes
No
Is your network equipment physically secured?
Yes
No
What data center providers do you use, if any?
Are there any additional details you would like to provide about your information security and privacy program?