Tags: Due Diligence
File: checklist
Data Collection & Storage
- Categories of user data collected from customers
- How is consent obtained for collecting sensitive personal data?
- List of third-party tools/services used to process or store data
- Geographical locations where data is stored and processed
Data Security Controls
- Encryption mechanisms used to protect sensitive data in transit and at rest
- Authentication mechanisms for various interfaces and dashboards
- Access control policies: password policy, principle of least privilege, etc.
- Backup policy & retention period for user data
Data Handling Policies
- Process for dealing with user data access and modification requests
- Policy for data sharing with third parties (if any)
- Data retention schedules and policy
- Mechanisms to allow users to delete data or close account
IT Systems & Servers
- Architecture diagrams of various application components and data flow
- List of internal servers, systems and their purposes
- IT security controls like firewalls, intrusion detection, audit logs, etc.
Compliance Frameworks
- Implementation status of security policies aligned with ISO 27001
- Adoption of standard privacy frameworks like GDPR
- Third-party audits undertaken in the last 2 years? If yes, share reports
- Registered with the Data Protection Authority in India?