Noah Test Security Portal

Overview

This is a test that the UI edit works in prod.

Privacy

Business Associate Contract (BAA)

Testing from Noah Test!!!

CCPA Compliance

Outlook good.

GDPR Compliance

Most likely.

Financial Information

Most likely.

Protected Health Information (PHI)

Without a doubt.

Personally Identifiable Information (PII)

My reply is no.

Risk Management

Action Plan Status

Most likely.

Action Plan Approval

Outlook good.

Vendor Management Review

Could Be

Risk Ownership

Yes definitely.

Vendor Policy Review

It is Certain.

Approved Risk Management Program

It is decidedly so.

Privacy Risk Assessment

Don't count on it.

Vendor Management Re-Assessment

It is decidedly so.

Organizational Security

Designated Security Point of Contact

Maybe

Human Resources

Background Screening

Yes

Human Resource Policy

Reply hazy, try again.

Disciplinary Process

Signs point to yes.

Employee Agreements

As I see it, yes.

Roles and Responsibilities

Outlook not so good.

Off-boarding Process

My reply is no.

Security Awareness Training

Reply hazy, try again.

Solution Security

Single Sign On

Data Encrypted at Rest

Yes.

Customer Data Removal

Concentrate and ask again.

Data Encrypted in Transit

Cannot predict now.

Service Level Agreement

My sources say no.

Access Control

Internally Shared User Accounts

Possibly

Staff Scoped Data Access

As I see it, yes.

Application Security

Software Development Lifecycle

Signs point to yes.

Change Control Documentation

It is decidedly so.

Server Scoped Data Processing

Ask me tomorrow

Production Change Control

Maybe

Production Data in Non-Production Environments

Better not tell you now.

Patching Schedule

Don’t count on it.

Secure Web Traffic

Reply hazy, try again.

Threat Management

Penetration Testing

You may rely on it.

Anti-Malware Policy

Without a doubt.

Internal Vulnerability Scanning

External Vulnerability Scanning

Yes – definitely.

Vulnerability Management Process

It is certain.

Business Resiliency

Recovery Point Objective

Yes

Business Continuity Plan

Ask again later.

Business Resiliency Plan

Signs point to yes.

Recovery Time Objective

Ask me tomorrow

Compliance

Internal Compliance Department

Could Be

Operations Management

Backups

Yes.

Maintenance Schedule Downtime

Very doubtful.

Maintenance Schedule

You may rely on it.

Security Policy

Policy Review Cadence

Outlook good.

Information Security Policy

Concentrate and ask again.

Physical Security

Physical Security Policy

Ask again later.

Physical Security Controls

Better not tell you now.

Network Security

Intrusion Detection

Very doubtful.

Intrusion Prevention

My sources say no.

Network Device Hardening

Cannot predict now.

End User Device Security

Log Review and Alerting

Outlook not so good.

Log Collection and Storage

As I see it, yes.

Mobile Device Management Solution

Yes definitely.

Incident Event and Communications Management

Formal Incident Response Plan

It is Certain.

Certifications

Noah Test Security Portal

Business Associate Contract (BAA)

CCPA Compliance

GDPR Compliance

Financial Information

Protected Health Information (PHI)

Personally Identifiable Information (PII)

Action Plan Status

Action Plan Approval

Vendor Management Review

Risk Ownership

Vendor Policy Review

Approved Risk Management Program

Privacy Risk Assessment

Vendor Management Re-Assessment

Designated Security Point of Contact

Background Screening

Human Resource Policy

Disciplinary Process

Employee Agreements

Roles and Responsibilities

Off-boarding Process

Security Awareness Training

Single Sign On

Data Encrypted at Rest

Customer Data Removal

Data Encrypted in Transit

Service Level Agreement

Internally Shared User Accounts

Staff Scoped Data Access

Software Development Lifecycle

Change Control Documentation

Server Scoped Data Processing

Production Change Control

Production Data in Non-Production Environments

Patching Schedule

Secure Web Traffic

Penetration Testing

Anti-Malware Policy

Internal Vulnerability Scanning

External Vulnerability Scanning

Vulnerability Management Process

Recovery Point Objective

Business Continuity Plan

Business Resiliency Plan

Recovery Time Objective

Internal Compliance Department

Backups

Maintenance Schedule Downtime

Maintenance Schedule

Policy Review Cadence

Information Security Policy

Physical Security Policy

Physical Security Controls

Intrusion Detection

Intrusion Prevention

Network Device Hardening

Log Review and Alerting

Log Collection and Storage

Mobile Device Management Solution

Formal Incident Response Plan

ISO 9001

completed 01/01/2020

HIPAA

planned