March 25, 2011 - 2:59pm
#1
SDeininger
For those that outsource IT Security Assessment Audit – 1. How frequently does your credit union contract for an IT review? Does that include penetration testing? 2. Do you contract with the same company or not use the same company for the subsequent review. 3. Who have you contracted with and can you share their Statement of Works (SOW)? We have a difference of opinion on using the same company for two reviews in a row. The contention is one organization doing subsequent reviews could provide an ongoing analysis and not just a snap-shot (point in time) review. Any assistance is appreciated. Thanks!
