This is the ninth section of a thirteen part mainframe data center general controls questionnaire. The questionnaire covers the following areas:

Organization and Management Computer Operations Physical Security Environmental Controls Program, Data File and Transaction Security Security Administration Applications Systems Development and Maintenance Systems Software Support Vendor Support Data Base Administration Hardware and Software Inventory Management Telecommunications Continuity of Operations

Vendors provide several key components of the computer system. This typically includes several purchased application software systems and virtually all system software and computer hardware. Their support and reliability are crucial to the proper operation of these systems. This part of the questionnaire covers the following Vendor Support topics:

Vendor Contracts.....................................................................................................2Vendor Viability........................................................................................................2Vendor Relations.....................................................................................................2

1

Vendor Contracts

1. Have all significant contracts with outside parties been approved by executive management?

2. Are all contracts with outside parties maintained in a secure location?3. Are software vendors required to maintain copies of their software and documentation in

escrow so that in the event they go out-of-business, the organization has recourse and access to means of maintaining the system.

4. Does legal counsel review all vendor contracts before they are finalized?

Vendor Viability

1. Is vendor reliability and long-term business viability considered before entering into a contractual relationship?

Vendor Relations

1. Is a service log maintained to document vendor support servicing?2. Do policies prescribe all the major contracts subject to competitive bidding?

2