ID.RA-09.175

Does your organization have a formal process to assess the authenticity and security posture of critical technology products and services before acquisition and deployment?

Explanation

This question evaluates whether your organization conducts proper security due diligence before integrating new technology into your environment. Such assessments should include verification of vendor credentials, security certifications, vulnerability testing results, and supply chain integrity to prevent the introduction of compromised or insecure components. Evidence could include a documented vendor security assessment procedure, completed security questionnaires for recent technology acquisitions, records of security certification verification, or reports from third-party security assessments of products prior to purchase decisions.

Implementation Example

Assess the authenticity and cybersecurity of critical technology products and services prior to acquisition and use

ID: ID.RA-09.175

Context

Function
ID: IDENTIFY
Category
ID.RA: Risk Assessment
Sub-Category
The authenticity and integrity of hardware and software are assessed prior to acquisition and use

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Signature
Neil Cameron
Founder, ResponseHub
Neil Cameron