| Security Requirement | Yes | No | N/A | Notes |
|---|---|---|---|---|
| Does the vendor have a documented Information Security Policy? | ||||
| Is the company SOC 2, ISO 27001, or equivalent certified? | ||||
| Does the vendor perform regular penetration testing? | ||||
| Is data encrypted at rest? | ||||
| Is data encrypted in transit? | ||||
| Does the solution support SSO and/or MFA? | ||||
| Is security awareness training conducted regularly for employees? | ||||
| Is there a documented incident response plan? | ||||
| Does the vendor conduct regular data backups? | ||||
| Can customer data be exported or deleted on request? | ||||