CRITICAL IT security questionnaire*** need answers ASAP
In an effort to continue using LogMeIn services, our IT department is looking for answers to the following questions:
1. Do you log your administrative activities?
Yes or No
2. Which compliance certifications do you have?
A. Trustee / BBB
B. Safe harbor
C. ISO 27018
D. FISMA
E. FedRAMP
F. CSA Star
G. HITRUST
H. ISO 27017
I. SAS 70 / SSAE16 / ISAE 3402
J. ITIL
K. DCAA / SOC 3
L. ISO 27001
M. SOC2
N. PCI Compliance
P. HIPAA
Q. BSI C5
R. None
3. Where is the geographic hosting location of your cloud Service for North America?
Definition of Hosted in EU approved countries: Hosted in EU approved countries are the eleven countries that the EU considers “adequate” from a data protection POV: Switzerland, Andorra, the Faroe Islands, Guernsey, Jersey, the Isle of Man, Argentina, Canada, Israel, New Zealand and Uruguay. Definition of questionable countries: Afghanistan, Brazil, China, Indonesia, Iran, Iraq, Mexico, Pakistan, Russia, South Africa, Taiwan, Thailand, Turkey, United Arab Emirates, Vietnam
Hosted in US
Hosted in EU
Hosted in questionable countries (Afghanistan, Brazil, China, Indonesia, Iran, Iraq, Mexico, Pakistan, Russia, South Africa, Taiwan, Thailand, Turkey, United Arab Emirates, Vietnam)
Hosted in EU approved countries (Switzerland, Andorra, the Faroe Islands, Guernsey, Jersey, the Isle of Man, Argentina, Canada, Israel, New Zealand and Uruguay)
Hosted in APAC
Others
4. Do you offer an integrated data loss prevention capability?
Yes or No
5. After a service contract or account is terminated, when do you delete the data in the tenant?
6. Does your solution offer a file sharing method as part of its service offering?
Yes
No
7. Please state the URLs of your service which are necessary to whitelist.
8. Please state the contact details (email and telephone number) of an emergency contact for (security) major incidents:
9. Is it possible to connect to your Service with mobile devices?
Yes
No
10. Do you support integration with authentication providers via SAML or OAUTH?
Yes
No
11. If integration with customer authentication providers is implemented, can this authentication be enforced?
Yes
No
12. Do you support IP whitelist blocks to restrict access to your solution from unauthorized IP address spaces?
Yes
No
13. What kind of Third Party / Subcontractor do you use for providing the service to our company?
Third Party Provider (e.g. for Hosting)
Cloud Provider (for IaaS, PaaS or SaaS)
"Classical" Subcontractor (e.g. for coding)
More than one category of Third Party / subcontractor
None
14. Is it legally ensured that the customer data will be handed over to our company in case of a service termination?
Yes
No
15. Can our company perform their own data extraction without involvement of you?
Yes
No
16. Do you guarantee formats and standard interfaces to extract all our company data (while retaining all logical relations) out of your service and support our company (if necessary)?
Yes
No
17. Do you provide regular information on these changes (e.g. new or discontinued functions, new subcontractors, other items that are relevant to the SLA)?
New or discontinued functions
New subcontractors
Items that are relevant to the SLA
18. Please state information of your legal relationships and ownership situation, as well as its decision-making powers
19. Which compliance certifications do you have?
Trustee / BBB
Safe harbor
ISO 27018
FISMA
FedRAMP
CSA Star
HITRUST
ISO 27017
SAS 70 / SSAE16 / ISAE 3402
ITIL
DCAA / SOC 3
ISO 27001
SOC2
PCI Compliance
HIPAA
BSI C5
None