The Essential Security Questions
Product-Specific Access Controls
User authentication, authorization, and access management within your product.
Questions in this Category
Describe how users authenticate to your application. Do you support MFA and SSO? What SSO protocols are supported (SAML, OIDC)?
Explanation of the Question
This question asks you to detail how your application verifies the identity of its users: the primary credential (password, passkey, or a federated identity from the customer's identity provider), whether multi-factor authentication (MFA) is available and which second factors you support (for example TOTP authenticator apps or WebAuthn/FIDO2 security keys), and whether customers can federate login through single sign-on (SSO) using SAML 2.0 or OpenID Connect (OIDC). A strong answer also states whether MFA and SSO can be enforced for every user in a customer's tenant rather than merely offered as an option, and how break-glass accounts that bypass SSO are protected.
Does your application support role-based access control (RBAC) with granular, customizable permissions?
Explanation of the Question
This question asks whether your application lets a customer's administrator assign roles to users, where each role carries a defined set of permissions, and how granular those permissions are: whether customers can define custom roles rather than choosing from a fixed few, whether a role can be scoped to a single project or resource instead of the whole account, and whether sensitive actions (exporting data, managing other users, changing security settings) can be restricted to a small set of roles. The check a reviewer will make is that these permissions are enforced server-side on every API endpoint, not only hidden in the user interface, and that the default for an unknown or unassigned user is deny.
How does your application store and protect API keys?
Explanation of the Question
This question asks how your organization stores and safeguards the API keys your application issues to customers, and any third-party keys it holds. A good answer covers the full lifecycle: a key is shown to the user once and only a hash of it is stored, so a database leak does not yield usable credentials; keys carry a recognizable prefix so secret scanners can spot them in leaked code; each key is scoped to the minimum permissions it needs, has an expiry, and can be rotated and revoked immediately; and third-party secrets live in a secrets manager or KMS, never in source code or in environment files committed to version control.
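As an added illustration of the storage point above (example code written for this page, not ResponseHub's or any vendor's implementation), the Python below issues an API key, persists only a SHA-256 hash of its secret part alongside its scopes and expiry, and verifies a presented key with a constant-time comparison. The `rhk_` prefix, the `KEY_STORE` dictionary standing in for a database table, and the function names are assumptions made for the example.

```python
"""Added example: issuing and verifying API keys without storing them in plaintext.

Illustrative code written for this page, not any vendor's implementation. The
in-memory KEY_STORE dict is a constructed stand-in for a database table; in
production the hashed record lives in the database and the plaintext key is
returned to the user exactly once.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Set

KEY_PREFIX = "rhk_"   # assumed vendor prefix; lets secret scanners recognise leaked keys


@dataclass
class ApiKeyRecord:
    key_id: str                  # public identifier, safe to log and show in the UI
    secret_hash: bytes           # SHA-256 of the secret part; the secret itself is never stored
    scopes: Set[str]             # least privilege: only the actions this key may perform
    expires_at: float
    revoked: bool = False
    last_used_at: Optional[float] = None


KEY_STORE: Dict[str, ApiKeyRecord] = {}   # constructed stand-in for a DB table


def _hash_secret(secret: str) -> bytes:
    # The secret is 256 bits of CSPRNG output, so a plain SHA-256 is adequate;
    # slow password hashes (bcrypt/argon2) are for low-entropy user passwords.
    return hashlib.sha256(secret.encode()).digest()


def issue_key(scopes: Set[str], ttl_seconds: int = 90 * 24 * 3600,
              now: Optional[float] = None) -> str:
    """Create a key, persist only its hash, and return the plaintext exactly once."""
    now = time.time() if now is None else now
    key_id = secrets.token_hex(8)          # 64-bit public id
    secret = secrets.token_urlsafe(32)     # 256-bit secret, base64url (never contains '.')
    KEY_STORE[key_id] = ApiKeyRecord(key_id, _hash_secret(secret), set(scopes), now + ttl_seconds)
    return f"{KEY_PREFIX}{key_id}.{secret}"


def verify_key(presented: str, required_scope: str, now: Optional[float] = None) -> Optional[str]:
    """Return the key_id if `presented` is valid, unexpired, unrevoked and holds the scope, else None."""
    now = time.time() if now is None else now
    if not presented.startswith(KEY_PREFIX) or "." not in presented:
        return None
    key_id, _, secret = presented[len(KEY_PREFIX):].partition(".")
    record = KEY_STORE.get(key_id)
    if record is None:
        _hash_secret(secret)   # do the same work as the real path so timing does not reveal valid ids
        return None
    if not hmac.compare_digest(record.secret_hash, _hash_secret(secret)):
        return None
    if record.revoked or now >= record.expires_at or required_scope not in record.scopes:
        return None
    record.last_used_at = now
    return key_id


def revoke_key(key_id: str) -> bool:
    record = KEY_STORE.get(key_id)
    if record is None:
        return False
    record.revoked = True
    return True


if __name__ == "__main__":
    plaintext = issue_key({"reports:read"}, now=1_000_000)
    kid = plaintext[len(KEY_PREFIX):].split(".")[0]
    print(verify_key(plaintext, "reports:read", now=1_000_001) == kid)   # True
    print(verify_key(plaintext, "users:write", now=1_000_001))           # None (missing scope)
    revoke_key(kid)
    print(verify_key(plaintext, "reports:read", now=1_000_001))          # None (revoked)
```

Splitting the key into a public `key_id` and a hashed secret lets the application look the record up directly, log which key was used, and still hold nothing an attacker could replay if the table leaks.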
What audit trails and logs are available for customer review? (user activity, admin actions, data access)
Explanation of the Question
This question asks what records your application keeps of user activity, administrative actions, and data access, and whether customers can review or export them. State which events are logged (logins and MFA changes, role and permission changes, API key creation and revocation, record reads and bulk exports), what each entry contains (actor, action, target, outcome, timestamp, source IP), how long entries are retained, whether the log is append-only or otherwise tamper-evident, and whether customers can pull it into their own SIEM through an export or API.
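The RBAC question and this audit-trail question are two halves of one mechanism: the server-side permission check is exactly the place where admin actions and data access should be recorded. The added Python example below (written for this page, not ResponseHub's or any vendor's code) implements roles as named sets of permission strings, lets a customer define custom roles and scope a grant to a single project, defaults to deny, and records every decision in an append-only, hash-chained audit log that can be exported as JSON lines. The role names, permission strings, sample users and class names are constructed for the example.

```python
"""Added example: RBAC with per-project grants and custom roles, whose enforcement
point writes an append-only, hash-chained audit trail of every decision.

Illustrative code written for this page, not any vendor's implementation. Role
names, permission strings and the sample users are constructed for the example.
"""
import hashlib
import json
import time
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Permissions are "<resource-type>:<action>" strings; a role is just a named set
# of them, so customers can define their own roles without a code change.
BUILTIN_ROLES: Dict[str, Set[str]] = {
    "viewer": {"report:read"},
    "editor": {"report:read", "report:write"},
    "admin":  {"report:read", "report:write", "report:export", "user:manage"},
}


@dataclass
class Grant:
    role: str
    scope: Optional[str] = None   # None = the whole tenant, otherwise a single project id


@dataclass
class AuditEvent:
    ts: float
    actor: str
    action: str
    resource: str
    decision: str
    prev_hash: str
    entry_hash: str = ""


class Authorizer:
    def __init__(self, roles: Dict[str, Set[str]]):
        self.roles = {name: set(perms) for name, perms in roles.items()}
        self.grants: Dict[str, List[Grant]] = {}
        self.audit_log: List[AuditEvent] = []

    def define_role(self, name: str, permissions: Set[str]) -> None:
        """Customer-defined role; only permission strings the product knows are accepted."""
        known = set().union(*self.roles.values())
        unknown = set(permissions) - known
        if unknown:
            raise ValueError(f"unknown permissions: {sorted(unknown)}")
        self.roles[name] = set(permissions)

    def grant(self, user: str, role: str, scope: Optional[str] = None) -> None:
        if role not in self.roles:
            raise ValueError(f"unknown role {role}")
        self.grants.setdefault(user, []).append(Grant(role, scope))

    def is_allowed(self, user: str, permission: str, project: str) -> bool:
        for g in self.grants.get(user, []):
            if g.scope in (None, project) and permission in self.roles[g.role]:
                return True
        return False   # default deny: unknown users and unassigned permissions fail closed

    def check(self, user: str, permission: str, project: str, now: Optional[float] = None) -> bool:
        """Server-side enforcement point; every call is recorded, allowed or denied."""
        allowed = self.is_allowed(user, permission, project)
        self._record(user, permission, project, "allow" if allowed else "deny", now)
        return allowed

    @staticmethod
    def _body(ev: AuditEvent) -> bytes:
        return json.dumps([ev.ts, ev.actor, ev.action, ev.resource, ev.decision, ev.prev_hash]).encode()

    def _record(self, actor: str, action: str, resource: str, decision: str, now: Optional[float]) -> None:
        prev = self.audit_log[-1].entry_hash if self.audit_log else "0" * 64
        ev = AuditEvent(time.time() if now is None else now, actor, action, resource, decision, prev)
        ev.entry_hash = hashlib.sha256(self._body(ev)).hexdigest()   # chains to the previous entry
        self.audit_log.append(ev)

    def verify_audit_chain(self) -> bool:
        """Recompute the chain; an edited, reordered or deleted entry breaks it."""
        prev = "0" * 64
        for ev in self.audit_log:
            if ev.prev_hash != prev or hashlib.sha256(self._body(ev)).hexdigest() != ev.entry_hash:
                return False
            prev = ev.entry_hash
        return True

    def export_audit_jsonl(self) -> str:
        """Customer-facing export: one JSON object per line, ready for a SIEM."""
        return "\n".join(json.dumps(ev.__dict__) for ev in self.audit_log)


if __name__ == "__main__":
    az = Authorizer(BUILTIN_ROLES)
    az.grant("alice", "admin")                      # tenant-wide
    az.grant("bob", "editor", scope="proj-1")       # only inside proj-1
    print(az.check("bob", "report:write", "proj-1"))   # True
    print(az.check("bob", "report:write", "proj-2"))   # False (scope)
    az.define_role("exporter", {"report:read", "report:export"})
    az.grant("carol", "exporter", scope="proj-1")
    print(az.check("carol", "report:export", "proj-1"))   # True
    print(az.verify_audit_chain())                        # True
    print(az.export_audit_jsonl())
```

Anchoring the hash chain somewhere outside the application database (a daily digest written to an object store with a retention lock, for instance) is what turns this from tamper-evident-in-theory into something a customer auditor can actually rely on.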
ResponseHub is the product I wish I had when I was a CTO
Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.
As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses, three at a time!
I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

