What is the most important document to conduct your risk assessment of your Saas Third Party for one of your critical services ?

ISO-27001 certificate42%

ISO-27017 Certificate45%

ISO-27018 Certificate33%

SOC 2 Type 2 Report24%

Consensus Assessments Initiative Questionnaire from Cloud Security Alliance (CSA) Level 1 or Level 210%

Answers to security questions you sent despite the fact that the third party may have certifications or independent security audit reports.6%

106 PARTICIPANTS
1.7k viewscircle icon1 Upvotecircle icon1 Comment
Sort by:
Senior Information Security Manager in Software2 years ago

Most important doc is the corporate risk assessment worksheet or workbook. It’s customized to focus on the risk the firm cares about.

Content you might like

Which topics are you interested in learning more about?

How to better identify and monitor Shadow IT19%

How to improve SaaS spend management45%

Soft-skills training (Team leadership, improving communication, etc.)20%

Cross-functional collaboration with other departments6%

Tools for process automation6%

Vendor management / evaluating software1%

View Results

Which leadership role is taking ownership of generative AI at your org?

CIO31%

CDO/CDAO (chief data/analytics officer)21%

CISO12%

CTO14%

CEO6%

Ownership is shared10%

Someone else3%

No one3%

View Results

Has anyone gone through the UK's Cybersecurity Essentials Plus certification and if so, would you be willing to share with me your experience and what was involved? I just want to make sure I understand what is involved and what is in scope.

Any tips you can share for helping your cyber teams improve their conflict resolution and stakeholder relationship management skills?

What are the most important best practices to follow when evaluating and implementing an ITSM solution, especially one with AI capabilities? What sorts of challenges should organizations prepare for?