NTDAT - External Party Risk Assessment

This document contains a vendor risk assessment questionnaire for an external party with 10 mandatory requirements and 10 desired requirements related to information security. It includes questions about having an information security policy, signing non-disclosure agreements, security training, defining security roles, compliance with standards like ISO 27001, classification of information, employee exit processes, change management procedures, audit logs, user access management, password controls, security incident reporting, and business continuity management. The vendor must comply with 80% of the mandatory questions and their responses will be evaluated to determine eligibility for a procurement process.

Uploaded by

Syeda Nida Ali

External Party Risk Assessment - Form

DAR AL TAKAFUL PJSC

NOOR TAKAFUL GENERAL PJSC

NOOR TAKAFUL FAMILY PJSC


External Party Risk Assessment - Form

TABLE OF CONTENTS

EXTERNAL PARTY RISK ASSESSMENT ... 3

Restricted Version 1.0



External Party Risk Assessment

Procurement is to incorporate this section in every RFP / RFQ released, based on the applicability of the Vendor Risk Assessment Process. Obtain this information from the vendor and evaluate the risk score pertaining to the Information Security requirements.

Instructions:

- Please complete the following questionnaire.
- For any queries or details required, please describe them in the Justification / Comments section, OR mention them at the end of the questionnaire, OR attach documentation with the required information.
- Mention "Not Applicable" wherever relevant, with appropriate justifications or comments.

Note: The vendor must comply with a minimum of 80% of the Mandatory Questionnaire below to be eligible to pass the technical evaluation process.

Vendor Risk Assessment Questionnaire

Risk Assessment Categories | Compliance Status (Yes / No) | Justification / Comments

Mandatory Requirements

1. Does your organization have an Information Security (IS) policy that is approved by your management, published, and communicated to all employees? Are IS policies reviewed on an ongoing basis? ☐ Yes ☐ No

2. Do you sign confidentiality or non-disclosure agreements with your company employees and/or third-party personnel employed or engaged by your company? ☐ Yes ☐ No

3. Are security requirements such as background verification, information security awareness, etc. addressed for all employees and third-party personnel? ☐ Yes ☐ No

4. Are security roles and responsibilities documented and communicated to all employees and third parties through appropriate Information Security awareness training and regular updates? ☐ Yes ☐ No

5. Are responsibilities for the protection of customer information/assets and organizational information/assets clearly defined? ☐ Yes ☐ No


Desired Requirements

1. Does your organization comply with the requirements of the ISO/IEC 27001:2013 standard, and is it certified against those requirements? Are you aware of the ADHICS & IAS standard requirements? ✓☐ ☐

2. Is there an information classification scheme or guideline in place that will assist in determining how information is to be handled and protected? Are your employees, sub-contractors and third parties made aware of and required to adhere to such classification schemes? ✓☐

3. Is there a defined employee exit process, and does the employee exit process include communication to customers? ✓ ☐

4. Are physical identification badges provided to all employees and third-party users working within the Organization premises or at client sites? ✓☐

5. Do you follow a formal Change Management Procedure for implementing changes to information processing facilities, assets or services offered to customers? ✓ ☐

6. Do you have a procedure for recording audit logs of user actions, exceptions, and information security events? ☐✓ ☐


7. Do you have a formal user registration and deregistration process for granting/revoking access to information systems and services? ✓☐ ☐

8. Do you have a password management requirement defined that enforces various password controls? ✓☐ ☐

9. Do you have a security incident reporting process in place? Are employees aware of the requirements of the process, and are they trained to report security weaknesses or events through defined channels as quickly as possible? ✓☐ ☐

10. Do you have Business Continuity Management (BCM) in place? Does your business continuity planning address the requirements of ensuring continuity of services to your customers and business stakeholders? ✓ ☐

Vendor's authorized signature: ________________________  Name: First Solutions Services

Vendor's Stamp: ________________________  Date: 03-08-2021
