NielsenIQ Vendor Security Assessment Tool v2.0

Guide for Nielsen vendors

NielsenIQ Vendor Security Assessment Tool

In order to protect NielsenIQ and its systems, vendors whose products and/or services will collect, develop, receive, process and/or host confidential ... sensitive data must complete the NielsenIQ's Vendor Security Assessment Tool.

Instructions to the Nielsen Vendor

Please select the Vendor Security Assessment tab on this workbook to begin the assessment process. Also, pay close attention to the "Additional Information Needed" field for more instructions.

Supporting Evidence

Along with the completed questionnaire, please include any pertinent supporting evidence as e-mail attachments. Evidence examples include ... to the following (note that some of the assessment questions specifically ask for supporting evidence):
1. High-level data flow/network diagrams representing how shared data flows between the vendor and NielsenIQ.
2. AICPA SSAE 16 SOC 2 Type II Report or equivalent 3rd Party Assessment/Audit (e.g., ISO 27001/27002, PCI DSS).
3. Policy Standards/Guidelines in the following areas:
   Information Security Policy
   Change Management
   Incident Response
   Information Handling
   Information Security Awareness Training Material
   Employee NDAs
   Logging and Monitoring Policies
   Logical Access Control and Passwords
   Vulnerability Management
   BCP/DRP
   Privacy Policy
   System Hardening
NielsenIQ's Vendor Security Assessment Tool (Ver 2.0)

General Information

Date:
GNRL-01 NielsenIQ's Contact Name:
GNRL-02 Vendor Name: Actual Potensi Research
GNRL-03 Product or Service Name: Fieldwork vendor
GNRL-04 Vendor Contact Name: Wahyu Wibowo
GNRL-05 Vendor Contact Email: actualpotensiresearch@gmail.com
NielsenIQ Security Reviewer: INTERNAL USE ONLY, DO NOT COMPLETE
Assessment Request Number:
Classification:

Cyber Security Program

Each control lists the question, the vendor's answer, the vendor's comment (where given) and the additional information NielsenIQ requested (where given).

CTRL-01 Has your data center provider undergone an industry standard security audit such as ISO27001, SSAE 18 SOC2, etc.?
   Answer: No
   Vendor comment: ...y standard security audit will be taken if our business scales getting bigger
   Additional information needed: Describe any plans to undergo an audit.

CTRL-02 Do you have an Information Security Policy which is approved by management and published and communicated to all employees, third parties and those who work on behalf of your organization?
   Answer: Yes
   Vendor comment: evidence attached
   Additional information needed: Evidence is required

CTRL-03 Is there a documented security user awareness program that has been approved by management, implemented and that identifies an owner to maintain and review the program?
   Answer: Yes

CTRL-04 Will NielsenIQ's data be physically or logically separated from that of other customers?
   Answer: Physically

CTRL-05 Is sensitive data encrypted in transport?
   Answer: No
   Vendor comment: We don't develop apps for Nielsen
   Additional information needed: Describe any future plans.

CTRL-06 Is data encrypted at rest (e.g. disk encryption, database)?
   Answer: Yes
   Vendor comment: AxCrypt apps will automatically secure fi...
   Additional information needed: Describe encryption technology and strategy you employ.

CTRL-07 Is data securely deleted at the end of the engagement?
   Answer: Yes
   Vendor comment: We will permanently delete data stored in...
   Additional information needed: Describe how this is accomplished.

CTRL-08 Are you encrypting your backups?
   Answer: No
   Vendor comment: In the future, we will encrypt the file's...
   Additional information needed: Describe any future plans.

CTRL-09 Do you have a process for installing operating system and application updates and security patches on servers?
   Answer: No

CTRL-10 Do you also have an emergency process for installing patches outside of the regular patching schedule when high-risk vulnerabilities are identified?
   Answer: Yes

CTRL-11 Are audit logs collected in a centralized location and available for all changes and access to systems where Nielsen IQ data will reside?
   Answer: No

CTRL-12 Please describe your password requirements.
   Vendor comment: The password must contain 8-46 characters with both numbers and letters or special characters

CTRL-13 Will other third parties have access to NielsenIQ's Data?
   Answer: No

CTRL-14 Do you have a documented Business Continuity Plan?
   Answer: Yes
   Vendor comment: Early year 2020
   Additional information needed: When was the last time it was tested?

CTRL-15 Do you have a documented Disaster Recovery Plan?
   Answer: No
   Vendor comment: ...ew year we will have a documented DRP when the business scale is bigger
   Additional information needed: Describe any future plans.

CTRL-16 Will any cloud solution be used as part of the services that will be provided to Nielsen IQ?
   Answer:

CTRL-17 If Yes, will Single Sign-On (SSO)/Federation be used with NielsenIQ's Active Directory?
   Answer: No

CTRL-18 Do you conduct continual or scheduled vulnerability scanning of your network for known vulnerabilities?
   Answer: Yes
   Vendor comment: Our IT support regularly test and scan net...
   Additional information needed: Describe the frequency of scanning.

CTRL-19 Do you conduct penetration testing of your network or applications that will be used by Nielsen IQ?
   Answer: No

CTRL-20 Do you have a formal change management process requiring a security review of changes being planned for your environments?
   Answer: No
   Vendor comment: Any security issues discussed by manag...
   Additional information needed: Describe any plans to formalize a change management security review procedure.

CTRL-21 Do you have documented security incident response processes and procedures?
   Answer: No
   Vendor comment: Next time, we would hire a third party
   Additional information needed: Describe any plans to formalize an incident response plan.
