Q

How much info should an ASP give potential customers about its security policies?

As an ASP, our company gets requests from prospective customers to provide them with our security policies and/or...

to fill out lengthy security questionnaires.

While I respect their request and need to know, how much information is too much? Is there industry information (i.e., surveys, etc.) that identifies what type of security information is safe to provide to external entities?

In this case, as a prospect, they are governed by an NDA, but they have the information regardless of whether they choose to be a customer or not.

Thanks in advance for your help!


Having previously worked for an ASP as a Chief Security Officer, I understand your dilemma. While there, I created two separate security policies, one for internal use detailed our corporate policies and a second, less detailed policy, that gave prospective customers an understanding of our security infrastructure. The external security policy provided enough information to prove we were serious about security, but not enough information to give away any important details. Corio provides an interesting example.


For more information on this topic, visit these other SearchSecurity resources:
Best Web Links: Outsourcing


This was last published in April 2002

Dig Deeper on Secure SaaS: Cloud services and systems

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close