CONS-05

Will the consulting take place on-premises?

Explanation

This question is asking whether the consulting services being assessed will be performed at the client's physical location (on-premises) as opposed to remotely. This is important from a security perspective for several reasons:

1. Physical access: Consultants working on-premises will have physical access to your facilities, equipment, and potentially sensitive areas. This introduces different security considerations than remote work.
2. Network access: On-premises consultants typically connect to your internal networks directly, which may provide broader access than remote consultants who connect through VPNs or other controlled access points.
3. Data exposure: On-premises consultants may have greater exposure to sensitive information through visual observation, overheard conversations, or direct access to physical documents.
4. Security controls: Different security controls are needed for on-premises consultants (badge access, escort policies, clean desk policies) versus remote consultants (secure remote access, encrypted communications).

When answering this question, be specific about whether all, some, or none of the consulting work will be performed on-premises. If it's a mix, explain what determines which work is done where. Also consider mentioning any security measures specific to the on-premises work if applicable.

Example Responses

Example Response 1

Yes, all consulting services will be performed on-premises at the client's location. Our consultants will require workspace at your facilities for the duration of the project, which is estimated to be 3 months. Our team will comply with all your physical security requirements including badge access protocols, visitor management procedures, and clean desk policies. We will need access to your internal network while on-site, which will be coordinated with your IT security team.

Example Response 2

No, our consulting services are delivered entirely remotely. Our consultants will not require physical access to your facilities. All work will be performed from our secure offices using encrypted connections to your systems via your approved remote access methods (VPN, virtual desktop, etc.). Meetings and workshops will be conducted via secure video conferencing platforms. This approach minimizes physical security concerns while maintaining the effectiveness of our services.

Example Response 3

Partially. Approximately 30% of our consulting work will require on-premises presence, primarily during the initial assessment phase (weeks 1-2) and final implementation phase (weeks 8-10). The remaining work will be performed remotely. For the on-premises portions, we will need access to your server rooms and network operations center. Our team understands we cannot meet all your security requirements for physical access, as we do not currently conduct background checks on our consultants to the level your organization requires for server room access. We would need to discuss alternative arrangements for these aspects of the project.

Context

Tab: Case-Specific
Category: Consulting Services
