Security Questionnaire FAQ

Fast answers to common customer security review questions.

Common Questions

Do you have a documented incident response process?

Yes. See Incident Response for lifecycle and communication approach.

  <h3>How do you manage vulnerabilities?</h3>
  <p>We use regular dependency and platform updates, controlled deployment workflows, and remediation through runbooks and operational checks.</p>

  <h3>How are access controls enforced?</h3>
  <p>Access is role-based. Internal docs and sensitive operational content are restricted and require authenticated access with additional role checks.</p>

  <h3>How do you handle backups and recovery?</h3>
  <p>Operational backup and recovery processes are documented and exercised for critical data paths. Customer communication is prioritized for material impact.</p>

  <h3>How can customers request deletion or data access?</h3>
  <p>Submit requests to <a href="mailto:privacy@vostego.com">privacy@vostego.com</a>. See <a href="/trust/data-handling/">Data Handling</a>.</p>
</section>

<section>
  <h2>What We Can Share During Review</h2>
  <ul>
    <li>Public Trust Center materials (always available)</li>
    <li>Completed security questionnaires</li>
    <li>Additional architecture and operational details under NDA and scoped access controls</li>
  </ul>
</section>

← Back to Trust Center