SaaS Product Security Assessment Questionnaire
General Information
Company Name
Product Name
Contact Person
Email Address
Compliance & Certifications
Is the product compliant with any standards or regulations (e.g., SOC 2, ISO 27001, GDPR)? If yes, please specify.
List current security certifications and their validity periods.
Data Security
What data is collected and stored by the product?
Describe the encryption methods used for data at rest and in transit.
Where is customer data stored (geographic location)?
Access Control
Describe the authentication mechanisms supported (e.g., SSO, MFA).
How does the product manage user roles and permissions?
Application Security
How often are security assessments (e.g., penetration tests) performed?
How are vulnerabilities tracked, prioritized, and remediated?
Operational Security
Describe your process for monitoring and responding to security incidents.
How are backups performed and secured?
Third-Party & Supply Chain Risk
List third-party services or integrations used by the product.
How do you assess the security of third-party vendors?
Additional Comments