PR.IR-02.265

Do you require service providers who operate systems on your behalf to implement protections against environmental threats and maintain adequate operating infrastructure?

Explanation

This question assesses whether your organization enforces requirements for third-party service providers to protect systems from environmental hazards (such as fire, flooding, power outages) and maintain proper infrastructure (like cooling, backup power, physical security). These requirements are essential when outsourcing critical systems or data processing to ensure business continuity and data protection regardless of where systems are physically located. Evidence could include contractual language with service providers that specifically addresses environmental protections and infrastructure requirements, service level agreements (SLAs) that define minimum standards, or documentation from provider site assessments that verify these controls are in place.

Implementation Example

Include protection from environmental threats and provisions for adequate operating infrastructure in requirements for service providers that operate systems on the organization's behalf.

ID: PR.IR-02.265

Context

Function: PR (PROTECT)
Category: PR.IR (Technology Infrastructure Resilience)
Sub-Category: The organization's technology assets are protected from environmental threats
