The TISS-610 Remote Audit serves to assess the design and operating effectiveness of the controls of T-Mobile Suppliers over T-Mobile Confidential and/or Restricted information as defined in and in connection with the applicable sections and requirements of the T-Mobile Enterprise Third Party (Supplier) Information Security Standard (TISS-610).

As per the TISS-610, T-Mobile may request evidence of external audits and certifications. You are required to provide T-Mobile with a 3rd party report on adherence to the controls and security requirements of the TISS-610. T-Mobile has engaged Connor Consulting as the exclusive auditor for this program.

Connor will send you an email with instructions on how to get started with the audit process, included in that email will be links to a document request list and an online survey including the ability to submit necessary evidence. When you click on link, you’ll be taken to a secure portal that will take you to the questionnaire that will simultaneously map applicability and collect evidence for the TISS-610.

Connor will audit your in-scope security policies and procedures to verify that they meet T-Mobile standards. Additionally, Connor will look for any gaps, areas requiring remediation or vulnerabilities. Finally, Connor will provide access to our extensive library of templates and policies which can be used to upgrade you existing policy and procedure documentation.

Your business will be responsible for the charge for the audit payable to Connor Consulting. Upon starting the audit Connor will send an engagement letter/statement of work to be signed. An invoice 60% will be sent at the start of the audit while the second invoice for the remaining 40% will be sent upon completion.

T-Mobile has engaged Connor Consulting as an exclusive provider to perform the remote audits. Through engaging in an exclusive contract, T-Mobile has been able to provide its suppliers with lower prices for a high-quality audit. Additionally, Connor will also make use of technology such as the ConnorX questionnaire to reduce the amount of work and time required by you to complete the audit.

Connor is a compliance specialty firm with extensive experience with vendor management audits.

Please refer to https://www.connor-consulting.com/ to find out details about Connor Consulting.

Connor is an experienced third-party auditor with independence and adheres to AICPA standards. In addition, Connor has an up to date SOC2 report and follows recognized practices to ensure your data is secure throughout the audit process.

Yes, T-Mobile is exercising its right as per the TISS-610 and contractual obligations to have a third-party (Connor Consulting) perform an audit against the controls within the TISS-610.

The TISS-610 discusses T-Mobiles right to request evidence of external audits and certifications.

We expect the questionnaire to take about one hour to read through and complete. Collecting and uploading the required evidence will vary due to the nature of your business.

Upon completion of the online survey there will be a period for remediation efforts, including policy and procedure update, additional screenshots or supporting documentation, or clarification on applicability for individual controls based on the services provided in engagements with T-Mobile.

Per T-Mobiles direction, suppliers and vendors are to complete the audit within 30 days. We encourage you to complete the online questionnaire as quickly as possible to facilitate more time for remediation efforts if needed.

To meet T-Mobiles broader compliance objectives, T-Mobile has partnered with Connor to verify that its suppliers and vendors are in adherence to the standards within the TISS-610 that all vendors are obligated to meet.

Please reach out to grc.compliance@connorconsulting.com, and we would be happy to discuss the process and deadlines with you.

Yes, if any security issues or vulnerabilities are identified during the remote IT Security audit, a reasonable amount of remediation time is allowed and encouraged. Connor Consulting will work with you to address and found gaps, areas of improvement or missing information. During this time Connor Consulting can also provide policy and procedure templates and additional guidance on obtaining any required configuration screenshots. Remediation efforts are available at no additional cost regardless of the amount of assistance, or templates provided. Remediation efforts will be available in accordance with the 30-day timelines for the audit as directed by T-Mobile.

Following the remote IT Security audit, the audit team will assess the findings and if applicable work with you to remediate any findings. We will assess applicability, the documents provided in the questionnaire, and screenshots to identify any gaps or areas of Non-compliance. Connor Consulting will then advise you on areas that need remediation. During this time, we can provide policy and procedure templates, guidance on how to obtain additional screenshots, or advise on remediation action. Following the 30-day timeline Connor will then work with you to remediate areas and issue you a final report to deliver to T-Mobile.

If you are unable to remediate any issues or choose not to, they will be reflected on the final report.

Adherence to the Third-Party Information Security Standard (TISS-61) is required. However, we do realize that the standards broad approach may include elements that are non appliable to your business relation and engagements with T-Mobile. Connor will evaluate all non-applicable responses from the questionnaire for accuracy. If anything is found to be appliable and noncompliant there will be an opportunity for remediation. Connor Consulting can provide instructions and policy and procedure template to remediate those findings prior to issuing the final report. Anything that is found to be both appliable and noncompliant that is not remediated will be communicated to T-Mobile.

Please visit us at our website: https://connor-consulting.com/

Grc.compliance@connor-consulting.com