Governance
Risk
Compliance
100

Are InfoSec Policies located on WUlife?

No 

In Policy center on Simon Onspring

100

Is ISRA required to be performed, prior to implementation to production, on all new or updated information systems, including all hardware and software (developed or acquired)?

Yes

Additional guidance can be found on WULife 

100

Does CIS interact with clients and partners in supporting and obtaining new business?


Yes

Client Assurance Executive Dashboard

200

Do we have 25 CIS Policies?

No

Total CIS policies are 15 

200

Is Western Union's disaster recovery strategy focused on 100% up time availability?

No

BCM Executive Dashboard 

200

Are there 393 active applications used at WU?

No

893

300

Do we have a document called 'Quick Guide to the Information Security Policies' that helps you find a specific CIS policy control fast? 

Yes

Quick Guide to the Information Security Policies 

300

Does CIS perform security assessments on all vendors?

No

Only the vendors who process/transmit/store/access WU data. 


300

Are attestations performed by Technical Owners monthly? 

No

Quarterly

400

Do we offer CIS policies in another language?

Yes

English and Spanish

400

Is CIS involved in the vendor selection process? 

Yes

Know your Vendor process (KYV) - Global Sourcing & Procurement 

400

Is it OK if you leave an important field blank in COMPASS? 

No

An Asset Review is conducted to ensure proper data gather.