DATA-21

In the event of imminent bankruptcy, closing of business, or retirement of service, will you provide 90 days for customers to get their data out of the system and migrate applications?

Explanation

This question is asking about your organization's data exit strategy in case of business closure or service termination. It specifically wants to know if you will provide customers with a 90-day grace period to retrieve their data and migrate any applications before the service becomes unavailable. This is being asked in a security assessment because data availability and continuity are critical aspects of security and risk management. Organizations that store their data in your systems need assurance that they won't suddenly lose access to their information if your business situation changes. Without adequate time to retrieve data, organizations could face significant business disruptions, data loss, or compliance violations. The 90-day timeframe is considered a reasonable standard that gives customers sufficient time to plan and execute data migration projects, which can be complex and time-consuming, especially for large datasets or intricate application dependencies. To best answer this question, you should: 1. Be clear about your existing policies regarding service termination 2. Specify the exact notification period you provide 3. Explain the mechanisms you have in place for data export 4. Detail any assistance you offer during the migration process 5. Reference any relevant clauses in your service agreements If you don't currently have a formal policy that guarantees 90 days, consider whether you can commit to implementing one, or explain why your current timeframe is adequate for customer needs.

Example Responses

Example Response 1

Yes, our service termination policy explicitly guarantees customers a minimum 90-day grace period following any announcement of service discontinuation, whether due to bankruptcy, business closure, or retirement of service During this period, all customer data remains fully accessible through our standard interfaces and APIs We also provide enhanced data export tools that allow for bulk extraction of all customer data in industry-standard formats Our customer success team remains available throughout this transition period to assist with technical questions related to data migration This commitment is formally documented in Section 8.3 of our Master Service Agreement and has been tested during previous service consolidations.

Example Response 2

Yes, we provide a 120-day notification and transition period in the event of service termination for any reason Our business continuity plan includes specific provisions for orderly wind-down scenarios that prioritize customer data protection and accessibility During this period, we maintain all system functionality, including our comprehensive data export capabilities that support both incremental and complete data extraction Additionally, we provide documentation and technical support specifically focused on migration assistance For enterprise customers, we also offer optional professional services to assist with complex migrations at no additional cost during this transition period These commitments are contractually binding and included in our Terms of Service.

Example Response 3

Currently, our standard policy provides a 30-day notification period in the event of service termination, during which customers can access and export their data through our self-service portal While this is shorter than the 90 days mentioned in the question, we believe it's adequate for most of our customers given the relatively small data volumes typically stored in our system and the simplicity of our export process However, we recognize this may not be sufficient for all scenarios, and we're currently reviewing this policy We can make case-by-case exceptions for customers with larger data volumes or more complex integration requirements We're also exploring the possibility of extending our standard notification period to better align with industry best practices.

Context

Tab
Product
Category
Data

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Signature
Neil Cameron
Founder, ResponseHub
Neil Cameron