AWS-Based Serverless Architecture for a Cross-Border Money Transfer Application

RemitSo

Engineered for Regulatory Readiness and Dependable Compliance

Does the system come with a comprehensive, enterprise-wide, disaster recovery / business continuity program (DR/BCP)?

Yes
No

If yes, does the DR/BCP contain:

a. Defined roles & responsibilities?

Yes
No

b. Written recovery procedures?

Yes
No

c. Business impact analysis?

Yes
No

d. Offsite storage provisions?

Yes
No

e. Testing requirements, including documentation of lessons learned from DR/BCP tests?

Yes
No

Does the system support incident response plans?

Yes
No

If yes, does the plan provide for:

a. Assessing the nature & scope of the incident, including documenting any systems containing customer information that may have been compromised?

Yes
No

b. Containing & controlling the incident to prevent further compromise?

Yes
No

c. Contacting appropriate law enforcement and regulatory representatives?

Yes
No

d. Preserving records and other evidence?

Yes
No

e. Customer notification?

Yes
No

f. Periodic employee awareness training?

Yes
No

Does the system implement an internal audit program?

Yes
No

If yes, does the scope of the internal audit program include:

a. Network security?

Yes
No

b. General IT-related controls?

Yes
No

c. Penetration testing?

Yes
No

d. Application development policies & procedures?

Yes
No

e. Disaster recovery / business continuity planning?

Yes
No

f. Information security program?

Yes
No

g. Compliance with applicable safeguarding customer information regulations?

Yes
No

Does the system have provision to implement an information security program (ISP) to protect non-public information?

Yes
No

If yes, does the ISP include:

a. Written policies & procedures?

Yes
No

b. Employee training?

Yes
No

c. Monitoring?

Yes
No

d. Security at both the applicant and, if applicable, significant service providers?

Yes
No

e. Logical & physical security considerations?

Yes
No

f. Provisions for testing the effectiveness of key controls through some type of audit, test, review, etc.?

Yes
No

g. Provisions for adjusting the program?

Yes
No

Does the system implement an ISP with respect to its application server infrastructure and controls?

Yes
No

If yes, does the ISP include:

a. Security checks of any internal application servers on which customer information or critical data is stored, processed, or transmitted?

Yes
No

b. Does the security check test internal application servers for vulnerabilities?

Yes
No

c. Does the security check validate that internal application servers enforce appropriate access controls?

Yes
No

d. Does the security check of internal application servers include penetration testing?

Yes
No

Does the system have provision to implement an ISP with respect to its customer website and associated web application security?

Yes
No

If yes, does the ISP include:

a. Written policies & procedures?

Yes
No

b. Monitoring?

Yes
No

c. Provisions for adjusting the program?

Yes
No

d. Security evaluation of the public-facing website and web applications on which customer information is kept, processed, or transmitted?

Yes
No

e. Is security tested for vulnerabilities?

Yes
No

f. Is security tested for access controls?

Yes
No

g. Does security testing include penetration testing?

Yes
No
