Savanta_37_online_sample_questions_US
37 QUESTIONS TO HELP BUYERS OF ONLINE SAMPLES

Policies and compliance

35. What are the key elements of your information security compliance program? Please specify the framework(s) or auditing procedure(s) you comply with or certify to. Does your program include an asset-based risk assessment and internal audit process?

Savanta is certified to ISO27001 and Cyber Security standards. We conduct quarterly internal audits of our ISMS and this is subject to an annual external audit. In addition, we conduct regular pen tests, and our information security systems are audited by our clients. We have a risk register, which is updated monthly during the meeting of the Business Assurance Committee.

36. Do you certify to or comply with a quality framework such as ISO 20252?

Savanta’s CATI unit is certified to ISO20252 standards. Savanta as a whole complies with this standard but is not certified.

savanta.com