Forum Discussion

ehabisaac's avatar
ehabisaac
New Contributor
4 years ago

CRITICAL IT security questionnaire*** need answers ASAP

In effort to continue using LogMeIn services, our IT department is looking for answers to the following questions: 

 

1. Do you log your administrative activities?

Yes or No 

 

2. Which compliance certifications do you have?

 

A. Trustee / BBB

B. Safe harbor

C. ISO 27018

D. FISMA

E. FedRAMP

F.CSA Star

G. HITRUST

H. ISO 27017

I. SAS 70 / SSAE16 / ISAE 3402

J. ITIL

K. DCAA / SOC 3

L. ISO 27001

M. SOC2

N. PCI Compliance

P. HIPAA

Q. BSI C5

R. None

 

3. Where is the geographic hosting location of your cloud Service for North America?

 

Definition of Hosted in EU approved countries: Hosted in EU approved countries is the eleven countries that the EU considers “adequate” from a data protectyion POV. Switzerland, Andorra, the Faroe Islands, Guernsey, Jersey, the Isle of Man, Argentina, Canada, Israel, New Zealand and Uruguay. Definition of questionable countries: Afghanistan, Brazil, China, Indonesia, Iran, Iraq, Mexico, Pakistan, Russia, South Africa, Taiwan, Thailand, Turkey, United Arab Emirates, Vietnam

 

Hosted in US

Hosted in EU

Hosted in a questionable countries: (Afghanistan, Brazil, China, Indonesia, Iran, Iraq, Mexico, Pakistan, Russia, South Africa, Taiwan, Thailand, Turkey, United Arab Emirates, Vietnam)

Hosted in EU approved countries (Switzerland, Andorra, the Faroe Islands, Guernsey, Jersey, the Isle of Man, Argentina, Canada, Israel, New Zealand and Uruguay)

Hosted in APAC

Others

 

4. Do you offer an integrated data loss prevention capability?

Yes or No

 

5.After a service contract or account is terminated, when do you delete the data in the tenant?

 

 

6. Does your solution offer a file sharing method as part of its service offering?

Yes

No

 

7. Please state the URL´s of your service which are necessary to whitelist.

 

8. Please state a contact details (email and telephone number) of an emergency contact for (security) major incidents:

 

9. Is it possible to connect to to your Service with mobile devices?

Yes

No

 

 

10. Do you support integration with authentication providers via SAML or OAUTH?

Yes

No

 

11.If integration with customer authentication providers is implemented, can this authentication be enforced?

Yes

No

 

12.Do you support IP whitelist blocks to restrict access to your solution from unauthorized IP address spaces?

Yes

No

 

13. What kind of Third Party / Subcontractor do you use for providing the service to our company?

Third Party Provider (e.g. for Hosting)

Cloud Provider (for IaaS, PaaS or SaaS)

"Classical" Subcontractor (e.g. for coding)

More than one category of Third Party / subcontractor

None

 

 

14. Is it legally ensured that the customer data will be handed over to our company in case of a service termination?

Yes

No

 

15. Can our company perform their own data extraction without involvement of you?

Yes

No

 

16. Do you guarantee formats and standard interfaces to extract all our company data (while retaining all logical relations) out of your service and support our company (if necessary)?

Yes

No

 

17.Do you provide regular information on these changes (e.g. new or discontinued functions, new subcontractors, other items that are relevant to the SLA)?

 

New or discontinued functions

New subcontractors

Items that are relevant to the SLA

 

18. Please state information of your legal relationships and ownership situation, as well as its decision-making powers

 

19. Which compliance certifications do you have?

Trustee / BBB

Safe harbor

ISO 27018

FISMA

FedRAMP

CSA Star

HITRUST

ISO 27017

SAS 70 / SSAE16 / ISAE 3402

ITIL

DCAA / SOC 3

ISO 27001

SOC2

PCI Compliance

HIPAA

BSI C5

None

 

    • ehabisaac's avatar
      ehabisaac
      New Contributor

      I am having a hard time locating answers to the questions I posted. Can you please provide me the answers to the questions directly?