by brendan0powers
1456 days ago
This looks like a form Epic would send to software vendors who have not passed one of the industry standard security certifications (SOC 2, for example). This is common practice for large enterprises when engaging with new vendors. These are super obnoxious to fill out, but usually come with very large enterprise contracts, so vendors put up with them. It's certainly not normal to send these to maintainers of open source projects... In this case I suspect the employee in question simply misunderstood the company process, and had no malicious intent.

Two options:
1) Point them to your existing policies and processes for SOC2, IRAP, ISO27001 and similar; the questionnaire is already filled.
2) Fill it out as best you can if it's going to earn you bank.