REQU-02

Does your product or service have an interface?

Explanation

This question is asking whether your product or service has any type of interface that users interact with. An interface is any point where users (either end users or administrators) can interact with your system. Interfaces can include: - Web applications (websites, portals) - Mobile applications - Desktop software - Command-line interfaces - APIs (Application Programming Interfaces) - Administrative dashboards or consoles The security assessment is asking this question because interfaces are potential entry points into your system and therefore represent security risks. Each interface needs appropriate security controls to prevent unauthorized access, data breaches, or other security incidents. When answering this question, you should be comprehensive and list all interfaces your product provides, including those for different user types. Don't forget about administrative interfaces that might only be used by a small number of people. Being transparent about all interfaces helps the security assessors understand the full scope of what needs to be secured.

Guidance

This includes any interface for end users and interfaces used by administrators at the institution.

Example Responses

Example Response 1

Yes, our cloud-based learning management system has multiple interfaces For end users (students and faculty), we provide a web application accessible via standard browsers and a mobile application for iOS and Android devices For institutional administrators, we offer a separate administrative web interface with enhanced privileges for user management, system configuration, and reporting Additionally, we provide a REST API that allows institutions to integrate our service with their existing systems.

Example Response 2

Yes, our data analytics software has three interfaces The primary interface is a desktop application installed on Windows/Mac/Linux systems where users can load, analyze, and visualize data We also provide a web-based lightweight version with reduced functionality for quick access For system administrators at the institution, we have a separate web-based administration console for managing user accounts, permissions, and system settings.

Example Response 3

No, our service does not have a direct user interface We provide a background data processing service that integrates with the institution's existing systems through automated file transfers and scheduled batch processing All configuration is done through configuration files that are edited manually and uploaded to our secure FTP server While this approach limits the attack surface by not having interactive interfaces, it does mean that users at your institution will need technical knowledge to configure and use our service, and we recognize this may not meet your requirements if you're looking for a solution with direct user interaction capabilities.

Context

Tab
IT Accessibility
Category
Required Questions

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Signature
Neil Cameron
Founder, ResponseHub
Neil Cameron