Public Safety Data Security Standards: Security Assessments
David Bratton | 29 June 2023 | 2 minute read
Recently, Mark43 published responses to two industry-recognized questionnaires that enable our public safety partners to continually affirm our ability to protect their data.
This is another example of our ongoing commitment to maintaining the highest standards of integrity and safety in securing the data that we are entrusted with as a cloud-native public safety platform. These responses follow our other published reports and independently verified designations such as FedRAMP High “In Process” and StateRAMP High “In Process.”
Security questionnaires are a common tool available to public safety agencies to assess the security posture of third-party vendors like Mark43. These assessments include a series of questions about security controls, policies, and procedures. Agencies can use them to help identify, evaluate, and mitigate any potential risks associated with working with third parties.
Below is a snapshot of each of the two new published responses completed by the Mark43 Security Team and links to where you can view them:
Cloud Security Alliance (CSA) Consensus Assessment Initiative Questionnaire (CAIQ)
The CSA is the world’s leading organization dedicated to defining and raising awareness of best practices for cloud security. Mark43 recently completed the CSA’s CAIQ, which is a self-assessment used to demonstrate compliance with the CSA Cloud Controls. The CAIQ covers a wide range of security controls, including access control, data protection, incident response, and disaster recovery. Mark43 uses the CAIQ to offer transparency of current security controls existing within our services.
You can view Mark43’s CAIQ published on the CSA’s website here.
HECVAT (Higher Education Community Vendor Assessment Tool)
The HECVAT is an assessment intended to help higher education institutions assess their vendor risk. Current and Future customers within the education space can review Mark43’s HECVAT to confirm that information, data, and cybersecurity policies are in place to protect their sensitive institutional information and constituents’ personally identifiable information (PII). In addition, our completed HECVAT can be used to streamline procurement processes.
You can request a copy of Mark43’s HECVAT by visiting the REN-ISAC website here. Click on Mark43 under the Completed Assessments section to submit a request.
Public safety agencies operate in a high-risk environment, with constant threat of cyberattacks and other threats. The communities these agencies serve expect them to maintain the highest standards for data security. In turn, agencies need to trust that their technology vendors and partners take security seriously. Industry-recognized questionnaires are one way that public safety agencies can continually affirm the ability of their partners to protect their data.
Learn more about security compliance, including the key criteria agencies should use when evaluating potential vendors, by reading our white paper, “Making Data Security a Priority.”
