| Are there logging functions for security-related events, and if so, which events do you log? | Nothing |
| How do you protect logging features and logging tools against tampering and unauthorized access, including from your own staff? | n/a |
| Describe how you inform customers about technical vulnerabilities. How and when do you report that you have discovered a vulnerability or leak? | Via email immediately |
| Describe what you use for principles and methods for developing secure systems. | n/a |
| Do you have guidelines for information security in your development processes? How are these applied to major changes? | n/a |
| The supplier must have routines for reviewing and testing the availability and security of changes to business-critical operating platforms. Describe your routines for reviewing and testing the availability and security of changes to business-critical operating platforms. | n/a |
| Do you have documented routines for monitoring, detecting, analyzing, reporting, escalating, and handling security events and security incidents? | n/a |
| Do you follow the routines for handling safety incidents from current laws and regulations? | n/a |
| Briefly describe your routines to ensure the availability of the system/application. | Internal information |
| Describe your routines for continuity and disaster management. How is our data protected from a reliability and accessibility perspective? | Data is always stored on your side. We don’t have access to it. |
| What are your SLA levels? (What do you guarantee for availability/uptime?) | Same as Azure |
| How often is data backed up? | We don’t store data |