Security Controls Assessment
Security Controls Assessment ⫘
Important
The service listed above is only available to any customer for whom IMR was quoted on or before to March 31, 2022, and that customer executed a Transaction Document for the IMR within 90 days of the quote. By selecting this Service, Customer acknowledges and agrees that, notwithstanding anything to the contrary set forth in Customer’s agreement with Secureworks, Secureworks may subcontract these Services to Insight Direct USA, Inc., provided that, Secureworks will remain responsible for the performance of the Services to the same extent that it would be liable for its own acts or omissions.
Service Overview ⫘
Secureworks will assess your security controls as related to the in-scope framework(s). See the table further below for the list of frameworks.
Service Methodology ⫘
The assessment process consists of three components: Initial Meeting, Assessment, and Concluding Activities.
Initial Meeting
Secureworks will contact you to schedule the initial meeting, which will be conducted remotely through teleconference. You will review the Statement of Work, schedule the Assessment, and discuss the following:
- Goals and objectives for assessing security controls
- Roles and responsibilities
- Scope definition
- Project schedule and milestones
- Report requirements
- Your Subject Matter Experts ("SMEs") and points of contact ("POCs")
- Request for Documentation list
- Logistics for Assessment
Assessment
During the scheduled time period, Secureworks will conduct interviews remotely through teleconference with your team members as applicable (e.g., team members involved in documenting or executing your security controls), and conduct other activities related to assessing your organization's security controls. Your in-scope policies, standards, guidelines, procedures, and other documentation will be assessed.
Concluding Activities
- Analyze documentation you provide as related to security best practices in your industry
- Identify and validate technical, operational, and strategic areas of improvement in your security controls
- Conduct additional discussions and activities remotely through teleconference with your SMEs as needed
- Create Final Report (includes analysis of your security controls and documentation as related to security best practices in your industry, recommendations for improvement, and other information)
- Send Final Report to your POC(s)
Outcome ⫘
You will receive a report that includes analysis of the security controls and related documentation, and recommendations for improvement.
Scope and Service Units ⫘
Each Security Controls Assessment is conducted remotely through teleconference.
| Scope | Description | Service Units |
|---|---|---|
| CIS Top 20 | Assessment(s) delivered remotely through teleconferences | 12 On-site visit can be included for 5 Service Units per location |
| NIST 800-171, HIPAA | Assessment(s) delivered remotely through teleconferences | 16 On-site visit can be included for 5 Service Units per location |
| NIST 800-53, PCI | Assessment(s) delivered remotely through teleconferences | 24 On-site visit can be included for 5 Service Units per location |
Scheduling and Booking Information ⫘
See Service Scheduling for information about scheduling this service.