Due Diligence Workspace

5 in progress · 1 overdue · 1 pending approval

Total Reviews: 8
In Progress: 5
Overdue: 1
Pending Approval: 1
Not Started: 1

Cybersecurity Review

In Progress · Critical

NorthStar Utility Billing Inc.

Evaluate vendor cybersecurity controls, incident response capability, and independent assessment status.

Due: 2026-04-30

Reviewer: Kevin Tanaka

60% complete · 3 findings · Score: 77

Control Checklist — Cybersecurity

0 of 12 items confirmed
Access & Identity: 0/2
Data Protection: 0/2
Monitoring & Response: 0/2
Vulnerability Mgmt: 0/3
Assessments: 0/3

Multi-factor authentication enforced on all admin accounts
Required · cy-01 · Weight: 15

Encryption at rest for all city data
Required · cy-02 · Weight: 12

Encryption in transit (TLS 1.2+)
Required · cy-03 · Weight: 10

Centralized logging and SIEM in place
Required · cy-04 · Weight: 8

Vulnerability management program documented
Required · cy-05 · Weight: 8

Patch management SLA ≤30 days for critical patches
Required · cy-06 · Weight: 10

Endpoint detection and response (EDR) deployed
Optional · cy-07 · Weight: 5

Identity and access management (IAM) policy
Required · cy-08 · Weight: 10

Incident response plan tested within 12 months
Required · cy-09 · Weight: 10

Independent security assessment (SOC 2 / pen test) current
Required · cy-10 · Weight: 12

Secure software development lifecycle (SDLC) if applicable
Optional · cy-11 · Weight: 5

Third-party / supply chain risk program
Optional · cy-12 · Weight: 5

Document observations, context, or exceptions relevant to this domain review.