Do you have a business continuity plan?
Yes, ISMS 05, can be provided upon Customer's request.
Do you have a disaster recovery plan?
Business Continuity Plan, can be supplied to the Customer if requested.
Do you have a copy of your latest SOC audit?
Maytech do not have a SOC 2 report. Our information security management systems are instead ISO 27001 certified, and audited twice a year by Lloyd's Register Quality Assurance, one of the leading global business assurance providers.
The criteria / controls required by the two standards were developed to mitigate similar risks and there is considerable overlap in the criteria defined in the Trust Service Principles of SOC 2 and the controls defined in Annex A of ISO 27001.
Both standards provide independent assurance that the necessary controls are in place and whereas ISO 27001 is an international standard with its origin in a British standard, SOC 2 is created and governed by the American Institute of Certified Public Accountants, AICPA.
Are you able to share the results of any such penetration tests with us? (If so, please confirm any format restrictions. Such as a provision to provide abridged summaries only.)
Maytech can share the management summary and residual risk statement upon Customer request.
With prior agreement, can we arrange for our own third-party penetration test to be carried out?
Customers may perform penetration testing on Maytech's systems subject to advance written agreement.