REQU-03

Are you providing consulting services?

Explanation

This question is asking whether your organization provides consulting services as part of your business offerings. In a security assessment context, this is important because consulting services often involve different security considerations compared to software products or other services.

Consulting services typically involve:

1. Direct human interaction with client systems or data
2. Potentially variable security controls depending on engagement type
3. Different access patterns to client environments
4. Potentially different contractual obligations regarding data handling

Security assessors need to understand if you're providing consulting services because:

- It affects how they evaluate your security posture
- Consulting often involves different types of access to client systems
- The security controls needed for consulting services differ from product-based offerings
- Different compliance requirements may apply to consulting engagements

When answering this question, be clear and specific about whether consulting is part of your business model. If you do provide consulting, be prepared to explain how you manage security in consulting engagements. If consulting is only a small part of your business, clarify this and explain how it relates to your main offerings.

Example Responses

Example Response 1

Yes, our organization provides consulting services as our primary business model. We offer cybersecurity consulting, compliance advisory, and technical implementation services to clients across various industries. Our consultants may require access to client systems and data to perform assessments, implement solutions, and provide recommendations. We maintain strict security protocols for all consulting engagements, including background checks for consultants, secure remote access procedures, and confidentiality agreements.

Example Response 2

No, our organization does not provide consulting services. We are a SaaS provider offering a cloud-based project management platform. Our business model is subscription-based, and while we do provide technical support and implementation assistance for our software, we do not engage in general consulting work or professional services that would involve our staff working directly within client environments or systems outside the scope of our platform.

Example Response 3

Partially. While our primary business is delivering our data analytics platform as a SaaS solution, we do offer limited professional services to assist with complex implementations or custom integrations. These consulting services represent less than 10% of our business and are strictly limited to the implementation of our own software. We don't consider ourselves primarily a consulting firm, but we do recognize that these limited professional services engagements require specific security controls and procedures different from our core product offering.

Context

Tab: Case-Specific
Category: Required Questions
