Are you offering a cloud-based product?
Explanation
This is a foundational scoping question about whether your product is hosted in the cloud and delivered over the internet, often in a Software as a Service (SaaS) model.
Why it's being asked: Cloud-based products introduce specific security considerations that on-premises software doesn't have. When you host a product in the cloud, you're responsible for securing the application, managing customer data in a multi-tenant environment, ensuring proper access controls, and maintaining the infrastructure. The assessment wants to determine if cloud-specific security questions are relevant to your offering.
The guidance clarifies that if you're only offering a service (like consulting) or if your product is installed on customer premises rather than hosted in your cloud environment, you should answer 'no'.
How to best answer it: Be straightforward about your delivery model. If your product is hosted in AWS, Azure, Google Cloud, or your own data centers and accessed by customers over the internet through a web browser or API, answer 'yes'. If you sell software that customers install on their own systems or if you provide purely professional services without a technology component that you host, answer 'no'.
Guidance
If you are only offering a service, or are offering a product that is not cloud-based, answer "no".
Example Responses
Example Response 1
Yes Our product, SecureAnalytics, is a cloud-based analytics platform hosted in AWS data centers Customers access the application through a web browser and we maintain all infrastructure, application code, and customer data within our cloud environment.
Example Response 2
No While we do offer software products, all of our solutions are deployed within the customer's own environment (on-premises or in their cloud accounts) We provide installation packages and documentation, but we do not host any part of the application or store customer data in our environment.
Example Response 3
No Our company provides cybersecurity consulting services and penetration testing While we use cloud-based tools internally to manage our engagements, we do not offer a product that customers access via the cloud Our deliverables are reports and recommendations that we provide directly to clients.
Context
- Tab
- Product
- Category
- Required Questions

