As an ASP, our company gets requests from prospective customers to provide them with our security policies and/or to fill out lengthy security questionnaires.
While I respect their request and need to know, how much information is too much? Is there industry information (i.e., surveys, etc.) that identifies what type of security information is safe to provide to external entities?
In this case, as a prospect, they are governed by an NDA, but they have the information regardless of whether they choose to be a customer or not.
Thanks in advance for your help!
For more information on this topic, visit these other SearchSecurity resources:
Best Web Links: Outsourcing
This was first published in April 2002