Have you checked on your cyber policy with your insurance company? Have you filled out a cyber liability questionnaire? You may want to check before you have a breach they refuse to pay. Below is a list of some of the things a cyber liability questionnaire will cover. If you feel like you do not have the answers to any of those questions, you may want to contact Tier3MD, or your current IT provider along with your insurance company.
1 – Sensitive Data
1.1 – Information Security Infrastructure and Organization
1.2 – Sensitive Data Checklist
1.3 – Number of Protected Records
1.4 – Industry Security Frameworks
1.5 – Outside Security or Privacy Groups
1.6 – Sensitive Data Processed
1.7 – Sensitive Information in Custody
1.8 – Global IT Security Budget
2 – Third Parties
2.1 – Protected Personal Information or Protected Healthcare Information
2.2 – Third Party Corporate Confidential Information
2.3 – Outsourced Network, Computer System, Information Security
2.4 – Third Party Sensitive or Confidential Information Controls
2.5 – Third Party – Evidence of Network Security and Privacy Liability Coverage
2.6 – Computer Service Provider Security Policies and Procedures
2.7 – Vendor Data Security
3 – Handling of Data
3.1 – External Computer Systems – Firewall and Intrusion Prevention
3.2 – Password Management Process
3.3 – Security Products
3.4 – Automated Patch Management
3.5 – Intrusion Detection
3.6 – Encryption Tools
3.7 – List of Encrypted Privacy Information
3.8 – Credit Card Transactions
4 – Policies, Procedures and Documentation
4.1 – Business Continuity Plan and Disaster Recovery Plan
4.2 – Business Continuity/Disaster Recovery Plan Testing
4.3 – Expected Downtime for Critical Business Systems
4.4 – Security Incident Response Plan
4.5 – Information Security Policy and Privacy Policy
Sheryl Cherico is the CEO of Tier3MD and Discovery Computers and Forensics.
