Google and Salesforce create cybersecurity baseline for companies checking vendors | ZDNet

(With my DPO hat on…) one of the many challenges of completing Data Processing Agreements with our clients and our suppliers is that there’s no commonly accepted baseline of security controls. The MVSP is a reasonable starting point, though it doesn’t address privacy…:

Google and Salesforce have announced the creation of a vendor-neutral security baseline called the Minimum Viable Security Product (MVSP), which they said was an effort to “raise the bar for security while simplifying the vetting process.”

MVSP was developed and backed by Okta, Slack and more. Google vice president of security Royal Hansen said it was “designed to eliminate overhead, complexity and confusion during the procurement, RFP and vendor security assessment process by establishing minimum acceptable security baselines.”

[…]

Original article