BriteCore RFI

Risk Assessment

Risk assessment is an integral part of BriteCore’s risk analysis and management planning. It requires constant and thorough investigation of our company’s policies and procedures to ensure technical operations are both safe and durable. This program assists with identifying and evaluating risks, introducing methods and measures for controlling hazards, and building awareness among clients and employees for the benefit of maintaining accuracy, security and reliability across all BriteCore products and services.

Questionnaire

  1. Do you currently have a risk assessment plan in place?

    Yes. We have a strategic risk assessment plan in place that includes risk identification and the implementation of controls to mitigate or manage those risks. We monitor this program and take proactive measures to protect against risks.

  2. Do you have security policies in place to help protect client data?

    Yes. It is the policy of Intuitive Web Solutions that information in all its forms (written, spoken, recorded electronically or printed) will be protected from accidental or intentional unauthorized modification, destruction or disclosure throughout its life cycle. This protection includes an appropriate level of security over the equipment and software used to process, store, and transmit that information.

  3. Have those policies been reviewed within the last 12 months?

    Yes, they have.

  4. Is there an information security officer responsible for security initiatives within the organization?

    Yes. To ensure the implementation of this policy the company has designated a member of management to act as the company’s Security Officer. All inquiries relating to data and/or security should be referred to the Security Officer.

  5. Is there an asset management policy or program in place?

    Yes, there is an asset management program in place. This program has been approved by management, communicated to appropriate constituents, and assigned an owner to maintain and review the policy.

  6. Are information assets classified?

    Yes, information assets are classified.

  7. Is there insurance coverage for business interruptions or general services interruption?

    Yes, we have insurance coverage for business interruptions or general service interruption.

  8. Are there assigned security roles and responsibilities for BriteCore and IWS?

    Yes.

  9. Are new hires required to sign any agreements upon hire?

    Yes. We ask all new hires to sign off on appropriate security and procedural documents prior to their initial employment at IWS.

  10. Is there a security awareness training program or documentation?

    Yes. We provide employees with security awareness documentation and training at the time of employment. During this time individuals are allowed to ask questions or voice concerns prior to working on projects. Current employees have access to security documents and training at any time during their employment and are asked to review them at least annually.

  11. Is a Business Impact Analysis conducted at least annually?

    Yes.

  12. Is there an internal audit, risk management or compliance department?

    Yes.

  13. Is there a dedicated person (or group) responsible for privacy compliance? If no, explain reason.

    Yes, a member of our management team is currently responsible for privacy compliance.

  14. Is there a formally documented privacy policy (or policies)? If no, explain reason.

    Yes. Ask to see our Privacy Policy for more details.

  15. Are there regular privacy risk assessments? If yes, provide frequency and scope. If no, explain reason.

    Yes, we perform quarterly self-assessments.

  16. Is there formal privacy awareness training for employees, contractors, volunteers (and other parties, as appropriate)? If yes, provide frequency and scope. If no, explain reason.

    Yes, we do this upon initial hire and annually thereafter.