CONS-04

Can access be restricted based on source IP address?

Explanation

This question is asking whether your consulting services can restrict access to systems, applications, or data based on the IP address from which a user is connecting. IP address restriction is a security control that allows or denies access based on the network location of the user.

Why it's being asked:

- IP filtering is a basic security control that adds a layer of protection beyond username/password authentication
- It helps prevent unauthorized access from unexpected geographic locations or networks
- It can limit access to sensitive systems to only known, trusted networks (like corporate offices or VPNs)
- It's particularly important for consulting services where external parties may have access to your systems

The assessor wants to know if you have the technical capability to implement this control and whether you're using it to protect sensitive information accessed during consulting engagements.

To best answer this question:

1. Explain whether your systems support IP-based access restrictions
2. Describe how you implement this control (if you do)
3. Mention any limitations or exceptions
4. If applicable, note whether this is configurable per client or engagement

Example Responses

Example Response 1

Yes, our consulting services platform implements IP-based access restrictions. All client portals and collaboration tools can be configured to allow access only from specific IP addresses or ranges. This is typically set up during the engagement planning phase, where we work with clients to whitelist their corporate networks and VPN ranges. Our system logs all access attempts, including those blocked due to IP restrictions, and generates alerts for repeated failed attempts from unauthorized IPs. Additionally, we can implement time-based IP restrictions for temporary access needs.

Example Response 2

Yes, we support IP address restrictions across all our consulting service offerings. Our security architecture includes a web application firewall and identity provider that work together to enforce IP-based access controls. Clients can specify which IP ranges should have access to their project environments, and these restrictions are applied at both the network and application layers. For remote consultants, we provide a secure VPN solution with fixed exit nodes that can be whitelisted. Our security team reviews and updates these configurations quarterly or upon client request.

Example Response 3

No, our current consulting services platform does not support IP-based access restrictions. Instead, we rely on multi-factor authentication, role-based access controls, and session timeouts to secure access to client data. While we recognize IP filtering as a valuable security layer, our cloud-based delivery model is designed to provide secure access from any location, supporting our globally distributed consulting team and clients. We are evaluating adding this capability in our next platform update scheduled for Q3, but currently, we cannot restrict access based on source IP address.

Context

Tab: Case-Specific
Category: Consulting Services

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub