#security (2024-08)
Archive: https://archive.sweetops.com/security/
2024-08-01

Does anyone have a Data Security Questionnaire they can share with me for 3rd-party services processing data with AI? I need some inspiration and assurance that I’m covering the basics in our questionnaire.

Also feedback on my draft questionnaire is very welcome.

Question 1: You might want to ask something about subprocessors. Your vendor may not use your data to train models, but if your vendor’s vendors do…

Unfortunately this concern with transitive effects, while valid and probably important, compounds the effort to ask, answer, and consume such questionnaires enormously. Some customers ask us for procedures 3 levels deep (not just what we do, or our vendors do, but the vendors to our vendors, the “4th party” providers). It’s…a lot.

Not sure I’d call GDPR and CCPA/CPRA data protection regs. Maybe “data protection and privacy”? They have a touch of data protection, but are more privacy regs (so they concern the protection of the data relevant to individuals, which becomes a very different kettle of fish to most other data protection concerns like encryption, availability, retention, secure deletion, …).

But overall I would rate this a sensible and not too invasive questionnaire. Would that the majority coming our way were this concise and straightforward.

Thanks a million @Jonathan Eunice, appreciate the feedback. The sub-processors are definitely a miss, I will make sure to add that.