Issue link: https://resources.genetec.com/i/1480711
Cybersecurity checklist–Pre-deployment checklist Appliances and cloud services □ How am I making sure that my security appliances are configured securely? □ Do I have a specialized antivirus and antimalware protecting my edge devices and security appliances? □ Is the cloud solution built and tested with privacy and data protection in mind? □ Does it come with built-in cybersecurity defenses and default privacy protection to help me enhance risk mitigation and regulatory compliance? □ Is my cloud provider ensuring the security and governance of my data? □ Does the cloud service provider have the capability to restrict the storage of our data to specific countries or geographical locations? □ Is the data exchanged and stored in the cloud fully protected? □ Has the hosting infrastructure had a SOC 2 Type 2 audit? □ Does the cloud service provider ensure that the latest security patches are applied to operating systems/assets/ applications in a timely manner? □ Can the cloud service provider isolate our environment/ data from other customers environment/data? □ Does the cloud vendor have a plan in place to return or destroy the data at the end of the relationship? □ What is the cloud solution's track record for reliability and uptime, and what measures are in place for backup and disaster recovery? Vendor assessment □ Does the vendor have notifications warning about maintenance time or other events requiring a system to be put offline or rebooted? □ Does the vendor have notifications when the system should be put offline? □ How transparent are vendors with cyber vulnerabilities? □ Does the vendor have and willing to share a documented security incident response plan? □ Does the vendor have a comprehensive strategy to close security gaps and vulnerabilities? □ Does the vendor prioritize cybersecurity in the development of their products? □ Who's liable if your equipment is used to access private information? □ Who owns the manufacturing company that builds their software and hardware? □ Does the vendor engage third-party auditors and conduct penetrating tests to identify and address security gaps? □ Do the vendor have any certifications from regulatory bodies and international associations and adhere to information security standards? □ Do they carefully vet and select partners to ensure the highest levels of cybersecurity and compliance? □ How stable and established is the vendor? Are there signs that we can trust this vendor and that they will continue to support and develop the solution in the future?