Toward that end, the Information Security Office enhanced the risk assessment process during the fiscal year. The group: Developed a standard set of security questions, based on industry standards, to determine if a vendor’s security controls are adequate to protect … Continued