Compliance Readiness

Public summary of security questionnaire readiness, NDA workflow, and customer review process.

NDA-first review model

This compliance content is provided through NDA-scoped reviewer access. Additional operational detail is shared only for approved diligence scope.

For a recommended first-pass review order, start with Procurement Packet. 

<section>
  <h2>Customer Review Workflow</h2>
  <ol>
    <li>Submit your security questionnaire and required timeline.</li>
    <li>We align review scope to your risk and legal requirements.</li>
    <li>Access to restricted operational and compliance documentation requires authenticated reviewer access controls.</li>
    <li>NDA acceptance is required for restricted operational and compliance documentation.</li>
  </ol>
</section>

<section>
  <h2>Questionnaire Coverage Areas</h2>
  <ul>
    <li>Data handling and retention controls</li>
    <li>Encryption, access control, and secret management approach</li>
    <li>Incident response and customer communication process</li>
    <li>Infrastructure operations and change management approach</li>
    <li>Subprocessor categories and governance process</li>
  </ul>
</section>

<section>
  <h2>Typical Procurement Questions We Prepare For</h2>
  <ul>
    <li>What data is collected, where it is stored, and how long it is retained</li>
    <li>How authentication, authorization, and privileged access are controlled</li>
    <li>How incidents are detected, handled, and communicated</li>
    <li>How vulnerabilities and dependency updates are managed</li>
    <li>How backups, recovery, and continuity are handled</li>
  </ul>
</section>

<section>
  <h2>NDA and Access Controls</h2>
  <ul>
    <li>Restricted documentation access is role-based through the authenticated reviewer portal.</li>
    <li>NDA acceptance is enforced before granting restricted docs roles.</li>
    <li>Access can be granted to specific reviewers for defined review windows.</li>
  </ul>
</section>

<section>
  <h2>How To Request a Review</h2>
  <p>
    Send requests to <a href="mailto:privacy@vostego.com">privacy@vostego.com</a> with:
  </p>
  <ul>
    <li>Your company name and primary reviewer contacts</li>
    <li>Required questionnaire format or template</li>
    <li>NDA terms (if applicable)</li>
    <li>Target completion date</li>
  </ul>
  <p>
    For faster turnaround, include your most critical blocker questions first.
  </p>
</section>

← Back to Trust Center