When assessing your vendor, you should ask specific and relevant questions, such as:
- Who will be accessing your sensitive data? For what purposes?
- What security practices are in place? Are there physical security measures as well as system-wide measures?
- What is the data migration process?
- Where are the physical servers located?
- Does the vendor remain up to date with industry regulations and compliance?
- What processes are in place for requesting, approving, logging, and testing changes?
- What policies does the vendor follow to retain and back up data?
- Is there an effective disaster recovery plan in place?