10 Security Questions to Ask Your Tech Vendors 

10 Security Questions to Ask Your Tech Vendors 

1. Does the Vendor have a recent SOC2 & SOC3 Report (Annual) they can share w/ you? 

2. Does the Vendor have any of the following certifications: FedRAMP, StateRAMP, ISO, CSA? 

3. Does the Vendor follow a Secure Software Development Lifecycle (SSDLC)? 

4. What is the Vendor’s Software Bill of Materials (SBOM)? 

5. What does the Vendor’s Incident Response Program entail? 

6. Can the Vendor explain their Vulnerability Testing processes? 

7. What Penetration Testing does the Vendor do? 

8. How does the Vendor leverage Multi-Factor Authentication? 

9. Does the Vendor offer Single Sign-On functionality for customers? 

10. Can the Vendor provide background checks that map to CJIS requirements? 

Interested in hearing more from our speakers? 

Check out Larry Zorio’s, CISO at Mark43, resources for public safety: 

1. Securing your public safety agency from catastrophic malware attacks 

2. 3 Pillars of Data Security: Confidentiality, Integrity & Availability 

3. Whitepaper: Making data security a priority 

4. TechRepublic interview: Fighting cybersecurity risks for law enforcement: On-premises vs. cloud native systems 

Watch Chief Ishii’s fireside chat around Taking the Leap and Reaping the Benefits of a Modern Tech Strategy 

Ready to schedule a demo? Fill out the form and a member of our team will be in touch!