Do you have a policy that describes how employees may work remotely regarding the operation, management, and support of the services delivered?

Yes

Do you have processes and routines in place for background checks on staff?

Yes

Have you signed a confidentiality agreement (NDA) with your employees?

The confidentiality agreement must include information about your customers.

Yes

Do you have agreements that ensure confidentiality for subcontractors (NDA)?

Yes

Do you regularly conduct staff training to increase information security awareness?

Yes

Describe what measures you have in place for violating information security rules.

n/a

Do you have documented rules, routines, and roles that describe the permitted use of the resources included in the delivery?

No

Do you have routines and features for permanently deleting information related to the delivery? (The supplier must, on request, be able to present evidence that this has happened.)

No

Do you conduct regular risk assessments for the system/service/application?

No

What routines do you have for information management?

Documents and procedures

What are your guidelines for system administration accounts?

Internal information

Briefly describe what encryption routines you have in place.

Internal information

Do you encrypt all communications, and which encryption technologies are used?

n/a

Describe your data destruction procedures. What happens to customer data if a customer leaves you? How do you handle the decommissioning or temporarily managing databases and storage media holding customer-related information? Within what time period is it managed?

We don’t store customer data. All data is stored in your SharePoint tenant