What is the most important document to conduct your risk assessment of your Saas Third Party for one of your critical services ?

ISO-27001 certificate41%

ISO-27017 Certificate45%

ISO-27018 Certificate33%

SOC 2 Type 2 Report23%

Consensus Assessments Initiative Questionnaire from Cloud Security Alliance (CSA) Level 1 or Level 211%

Answers to security questions you sent despite the fact that the third party may have certifications or independent security audit reports.6%

104 PARTICIPANTS
1.7k viewscircle icon1 Upvotecircle icon1 Comment
Sort by:
Senior Information Security Manager in Software2 years ago

Most important doc is the corporate risk assessment worksheet or workbook. It’s customized to focus on the risk the firm cares about.

Content you might like

Does your AI security approach include intent-based API monitoring?

Yes33%

No – we have intent-based API monitoring but don’t use it for AI security 60%

We don’t use intent-based API monitoring7%

Other/unsure

View Results

With cloud costs rising, are you taking any of these steps to optimize your D&A operations?

Adopting new cloud cost management tools21%

Improving cloud cost management practices60%

Updating data retention policies for cost reduction54%

Making adjustments to limit data transfer fees40%

Exploring different pricing solutions with our current provider(s)26%

Changing cloud providers11%

Changing cloud deployment (multi/single, private/public)8%

Nothing specific at the moment4%

View Results

Which previously outsourced IT functions are you bringing in-house using GenAI tools, and what’s been your actual ROI experience versus initial projections?

Read More Comments

How do you establish shared accountability for IT cost optimization with business leaders to avoid being the sole owner of spending cuts?

What’s your experience with strategic cost cuts versus across-the-board reductions? Which approach has delivered better long-term outcomes for your organization?