| Do you have a policy that describes how employees may work remotely regarding the operation, management, and support of the services delivered? | Yes |
| Do you have processes and routines in place for background checks on staff? | Yes |
| Have you signed a confidentiality agreement (NDA) with your employees? The confidentiality agreement must include information about your customers. | Yes |
| Do you have agreements that ensure confidentiality for subcontractors (NDA)? | Yes |
| Do you regularly conduct staff training to increase information security awareness? | Yes |
| Describe what measures you have in place for violating information security rules. | n/a |
| Do you have documented rules, routines, and roles that describe the permitted use of the resources included in the delivery? | No |
| Do you have routines and features for permanently deleting information related to the delivery? (The supplier must, on request, be able to present evidence that this has happened.) | No |
| Do you conduct regular risk assessments for the system/service/application? | No |
| What routines do you have for information management? | Documents and procedures |
| What are your guidelines for system administration accounts? | Internal information |
| Briefly describe what encryption routines you have in place. | Internal information |
| Do you encrypt all communications, and which encryption technologies are used? | n/a |
| Describe your data destruction procedures. What happens to customer data if a customer leaves you? How do you handle the decommissioning or temporarily managing databases and storage media holding customer-related information? Within what time period is it managed? | We don’t store customer data. All data is stored in your SharePoint tenant |