All Categories > Enterprise Security Assessment > Risk and Security Management > Risk Assessment and Treatment

Risk Assessment and Treatment

Questions concerning risk governance, oversight and risk assessment of, as well as contracts with, our subcontractors.

Which clauses do your contracts with subcontractors include?

All contracts between QR Planet and any subcontractor are up to legal standards and include the commonly used clauses as shown in this table.

Last update 1 week ago

Do contracts with all subcontractors include Non-Disclosure/Confidentiality Agreements?

Yes. QR Planet's contracts with subcontractors are up to legal standards and include all commonly accepted clauses like an NDA.

Last update 2 weeks ago

Do contracts with all subcontractors include ownership of information, trade secrets and intellectual property?

Our contracts with subcontractors are up to legal standards and include all commonly accepted clauses.

Last update 2 weeks ago

Do contracts with all subcontractors include permitted use and limitations of use of confidential information?

Yes. QR Planet's contracts with subcontractors are up to legal standards and include all commonly accepted clauses.

Last update 2 weeks ago

Do contracts with all subcontractors include data breach notification?

Yes. QR Planet's contracts with subcontractors are up to legal standards and include all commonly accepted clauses.

Last update 2 weeks ago

Do contracts with all subcontractors include Indemnification/liability?

Yes. QR Planet's contracts with subcontractors are up to legal standards and include all commonly accepted clauses.

Last update 2 weeks ago

Do contracts with all subcontractors include a termination/exit clause?

Yes. QR Planet's contracts with subcontractors are up to legal standards and include all commonly accepted clauses.

Last update 2 weeks ago

Do contracts with all subcontractors include breach of agreement terms?

Yes. QR Planet's contracts with subcontractors are up to legal standards and include all commonly accepted clauses.

Last update 2 weeks ago

Do you have a formalized Risk Governance Plan that defines Enterprise Risk Management program requirements?

Yes. IT security policies, incident management, regular external security testing, and extended liability and cyber insurance are in place.

Last update 1 week ago

Do you have a formalized Risk Assessment Process in place, handling risks based on relevant risk acceptance levels?

No. The formalization of the QR Planet's already existing policies into a broader risk assessment based on predefined risk acceptance levels is planned for Q1.

Last update 1 week ago

Do your subcontractors have access to Scoped Systems and Data or to facilities processing the same?

Yes. If necessary, subcontractors have access to our scoped systems and data. We have DPA contracts with our subcontractors, ensuring full compliance.

Last update 1 week ago

Do you have a documented program for managing third-party risks in place?

No. As a small LLC, all of QR Planet's operational partners are known to management and are being carefully assessed and monitored. No formalization necessary.

Last update 1 week ago

Do you have contracts for all subcontractors requiring assessment?

Yes. QR Planet assesses all its service providers, dependent service providers, sub-processors or subcontractors prior to engagement and has contracts in effect.

Last update 1 week ago

Do you have an assigned individual responsible for relevant issues in regards to third-party risk management?

Yes. As a small LLC, all of QR Planet's operational partners are constantly monitored by management directly in regards to all relevant issues.

Last update 1 week ago

Does remediation reporting include a process to identify and log subcontractor information security, privacy and/or data breach issues?

All subcontractors have clearly defined privacy policies and established communication guidelines for any information security, privacy or data breach issue.

Last update 1 week ago