Need more help?
Security Knowledge Base
Find all your answers here
- Are there any exclusions in the Tax Systems ISO 27001 certification?
- What are the boundaries for the Tax Systems ISO 27001 Certification?
- Are there any ISO 27001 Controls that are ‘Not Applicable’?
- What is the scope of Tax Systems ISO 27001 Certification?
- Is Tax Systems SOC 1 or SOC 2 certified?
- What mandatory policies does Tax Systems have in place?
- Are Tax Systems services security tested?
- Does Tax Systems undergo an audit or review and how frequently?
- Does Tax Systems adhere to Information Security Standards?
- Do you block third parties from connecting remotely to your environments?
- Do you configure remote access methods to prevent unauthorised connections?
- Do you periodically review the router / firewall logs, validating filter operation?
- Do you allow only authorised ports and services?
- Do you have a process on how permissions are granted to access the firewall?
- Is the production environment isolated from development or user acceptance test network?
- Does Tax Systems classify information?
- Who owns the data stored by Tax Systems?
- Will Tax Systems have access to customer data?
- Does Tax Systems share customer data with 3rd parties?
- What are 3rd party rights over access to customer data?
- How can data be retrieved?
- What happens to it if I stop using the service?
- How will Tax Systems protect my stored data?
- How long does Tax System retain customer data?
- Is customer data covered by GDPR?
- Does Tax Systems use firewalls?
- Does Tax Systems use URL filtering?
- How does Tax Systems protect from malicious emails?
- Does Tax Systems protect laptops from malware?
- Does Tax System monitor vulnerabilities out of hours?
- Can customers view the results of independent tests?
- Are Tax Systems solutions independently tested?
- How often are security risk assessments done?
- Who does Tax Systems monitors for Information Security attacks?
- How does Tax Systems protect laptops from unauthorised use?
- Is Tax Systems Cyber Essentials certified?
- What ISO 27001 Statement of Applicability (SOA) controls are ‘Not Applicable’ for Tax Systems certification?
- Does the Tax Systems ISO 27001 scope cover the services provided to customers?
- How often are reviews conducted on policy?
- How does Tax Systems manage risk?
10
- Does Tax Systems monitor compliance with the policy and are the consequences of non-compliance clearly documented and communicated?
- How often does Tax Systems review its policies?
- Does Tax Systems require all employees and contractors associated with the services provided , to periodically sign that they understand and are awareness of security policies and procedures?
- Does Tax Systems communicate the information security policy to all employees, contractors and service providers?
- Does Tax Systems have a Clear Desk policy?
- Does Tax Systems have a Bring Your Own Device (BYOD) policy
- Does Tax Systems have a Business Continuity and Disaster Recovery policy?
- Does Tax Systems have an access Control for all standard, privileged and system accounts
- Does Tax Systems have security configuration standards for networks, operating systems, applications, desktops, and mobile technology
- Does Tax Systems have a data handling policy that includes secure use, storage, and destruction of confidential data?