Security Assessment Wizard

COMPTIA IT SECURITY ASSESSMENT ("ITSA") SOLUTION PROVIDER AGREEMENT

You, as an authorized representative, personally and on behalf of your organization, agree to the following:

  1. In accordance with the terms contained herein, CompTIA Member Services, LLC ("CompTIA") grants to your organization a limited, non-exclusive, revocable license to use and administer the ITSA with end user customers, clients, and other third parties ("End Users") for the purposes of evaluating the security strengths and weaknesses of End User IT systems and networks. CompTIA reserves the right to terminate this license at any time for any reason, and you agree to terminate immediately any further use of the ITSA upon receipt of such notice.

  2. The ITSA is being provided on an "as is" basis, and CompTIA makes no warranties or representations of any kind, whether express, implied, or statutory, regarding the ITSA, including, but not limited to, the accuracy and completeness of the results and information provided by the ITSA. You agree that you will not represent to any End Users, either directly or indirectly, that the results of the ITSA confer any credentials upon them, including, but not limited to, any form of CompTIA certification or Trustmark.

  3. All product or service recommendations that are based on the ITSA and/or its results are made solely by you and your organization, and you acknowledge and agree that such recommendations are not made at the direction or prompting of CompTIA. CompTIA disclaims any and all liability for any claims or damages that may result from your use of the ITSA or of the results provided by the ITSA.

  4. You agree to release, indemnify, defend, and hold harmless CompTIA, its affiliates, and their officers, directors, employees, and agents from all claims, damages, and losses arising out of or related to: (i) any breach of the terms of this agreement by you or your organization; (ii) your access to, your use of, or your End User’s use of the ITSA or of the results provided by the ITSA; or (iii) your product or service recommendations made to End Users.

  5. You represent and warrant that your organization has made a thorough review of applicable law and that the use of the ITSA and the ITSA results are permitted under such applicable law. You represent and warrant that you only will use the ITSA and the ITSA results for the purposes provided herein.

  6. You acknowledge and agree that the ITSA and all other intellectual property related thereto, including any and all trademarks incorporated therein, are and shall remain the property of CompTIA. You agree that you will not take any action, either individually or in cooperation with any third party, against CompTIA or any other party that is intended to or that might diminish or encumber our ownership rights related to the ITSA and/or the related intellectual property. Further, you will not use the ITSA or any other intellectual property related thereto to develop an IT security assessment that is similar to and/or that competes with the ITSA.

  7. You acknowledge and agree that during the administration of the ITSA, an End User may provide information that it deems confidential. You represent and warrant that you will not share any End User information related to the ITSA, including, but not limited to, the ITSA results, with any third party without first obtaining the express written permission of the End User. You agree to indemnify, defend, and hold harmless CompTIA, its affiliates, and their officers, directors, employees, and agents from all claims, damages, and losses arising out of or related to your disclosure of an End User’s information that is inconsistent with the terms of this agreement.

  8. You and your organization promise not to sue or proceed in any manner, in agency or other proceedings, whether at law, in equity, by way of administrative hearing, or otherwise, against CompTIA or its affiliates, officers, directors, employees, agents, successors and assigns, because of or arising out of this agreement and/or your use of the ITSA or the ITSA results. The terms of this agreement and use of the ITSA shall be governed by the laws of the State of Illinois. Exclusive venue for any claims arising out of this agreement will be in the state and federal courts located in Du Page County, Illinois, USA. You agree that the aforesaid courts shall have exclusive jurisdiction over this agreement, and specifically waive any claims which you may have that involve jurisdiction or venue, including, but not limited to, forum non conveniens.

None of the following information is stored. All fields where applicable are required.

Solution Provider:
Client:

Select Currency:

Client Company Information

1. What is your company’s total annual revenue?

2. How many people do you employ?

3. What primary type of business do you serve? (Select 1)

3.1. What additional types of businesses do you serve? (Check all that apply)

3.2. Do you have Non-Disclosure Agreements (NDAs) or Business Associate (BA) agreements in place with any of your clients?



4. Do you have multiple locations?


5. Do you accept payment cards from customers or suppliers?


6. What technical issues are most recurring at your company? (Check all that apply)



7. Do you have written policies, standards and procedures that govern how technology is to be used and managed?


Technical Infrastructure

1. Do you allow employees to work remotely or telecommute? (i.e., from home, on business travel, etc.)


2. Do you permit employees to use their personal computing devices at work?


2.1. If yes, do you have a policy in place that specifically covers telecommuting?


3. How many servers do you maintain?

4. What operating system are your servers? (Check all that apply)



5. How many desktops do you maintain?

6. How many laptops do you maintain?

7. What operating system are your desktops and laptops? (Check all that apply)



8. How many thin clients do you maintain?

9. How many company-issued tablets do you maintain?

10. How many company-issued smart phones do you maintain?

11. What operating system are your tablets and smartphones? (Check all that apply)


12. Do you have a password policy in place with mandatory scheduled change requirements?


13. Do you have a wireless network?


14. Do you have a wireless guest network?


15. Do you have a corporate Mobile Device Management (MDM) policy for corporate-issued mobile phones, tablets and laptops?


16. Do you have a corporate MDM (Mobile Device Management) policy for employees' personal devices? This is commonly referred to as a Bring Your Own Device (BYOD) policy.


17. How are your servers, workstations and laptops kept current with the latest vendor-released software patches? (i.e., vendor auto updates, outsourced IT company, RMM tool, etc.)

Security Tools

1. Do you have a current email antivirus/antispyware solution installed?


If yes - which one?

2. Do you have a current antimalware solution installed? (i.e., antivirus, antispyware, firewall, etc.)


3. What type of network firewall is installed on your network?

4. Does your firewall include a UTM (Unified Threat Management) module to protect against advanced threats?


If yes - Which one?

5. Do you have a current IPS/IDS (Intrusion Prevention/Detection System) solution installed?


If yes - Which one?

6. Do you have an Internet content filtering solution in place?


If yes - Which one?

7. Do you have an encryption solution in place? If yes - Go to 7.1-7.3


8. Do you have a disaster recovery plan with documented processes and procedures?


9. Do you have data backup & recovery solutions in place?


If yes - fill in which one(s) below then go to 9.1-9.3

10. Do you have a document archiving solution in place?


11. Do you have a Data Loss Protection Solution?


If yes - which one?