ReadyNine | [email protected] | 500 W. Madison Street, Suite 1000, Chicago, IL 60661 Company Background – Pre-Sales These are pre-relationship questions a business should ask a prospective information technology service provider. The goal is to help you determine if they are qualified. 1. Do you operate your firm with at least the same level of security as you recommend to your clients? If no, please explain in detail why not and what is different. 2. Do you have qualified security resources who are specifically assigned to keeping your network safe? If no, please explain in detail. 3. If you do not have inhouse security experts, do you leverage the expertise of qualified security professionals outside your organization that are responsible for the security and assessment of your systems? If no, please explain in detail why not and what compensating controls / solutions are in place: 4. Have your systems, policies and procedures been independently assessed by independent, qualified professionals outside your organization for security effectiveness and enforcement? If no, please explain in detail what validation processes are used to ensure the above. 5. Has your firm had any core services or systems outages that impacted your ability to operate, support clients’ systems or client services in the last 12 months? If yes, please explain. 6. Has your firm had any significant network (or other system) security incidents in the last 36 months? If yes, please explain. 7. Has your firm ever had a cyber incident determined to be reportable to law enforcement or federal or state regulatory bodies? If yes, please explain.