General
- Do you apply daily patches to avoid zero days attacks?
- Will you copy customer data in non-production environments?
- Do you have in place measures to prevent viruses and malware from entering the facility or being loaded on to any systems?
- Do you have an antivirus software on each server?
- Do you have policies and controls in place to manage IT infrastructure?
- Do you monitor logs?
- Do you perform backups and restore exercises?
- Are backups securely stored?
- Do you have a data/services recovery and restoration according to the criticality of the applications?
- What operating system(s) is/are leveraged by the system(s)/application(s)?
- How do you ensure all emails are scanned for viruses?