Vado Yang specialises in enterprise systems migration, including SAP ERP, Aras PLM, virtualisation technologies, databases, networking, and information security technologies, with a recent focus on data science.
Be Truthful: Use content directly from your security and compliance program
The best way to answer a question is to share information directly from your security and compliance program (should you have one… and you should). Share a control and/or policy document that describes how you do something. Avoid making up custom answers to a question: it is difficult to keep track of the nuances in each answer, and a customer may ask you about it down the line.
If you don’t have a control or policy but it’s on your roadmap, state that, along with an approximate timeline for when you will adopt the new controls and policies. Always expect the customer to ask for proof, so don’t make up an answer you cannot back up with evidence.