REQU-01

Are you offering a cloud-based product?

Explanation

This question is asking whether your company offers a product that is hosted in the cloud and delivered to customers via the internet (often called Software as a Service or SaaS). Why it's being asked: Cloud-based products introduce specific security considerations that on-premises software doesn't have. When you host a product in the cloud, you're responsible for securing the application, managing customer data in a multi-tenant environment, ensuring proper access controls, and maintaining the infrastructure. The assessment wants to determine if cloud-specific security questions are relevant to your offering. The guidance clarifies that if you're only offering a service (like consulting) or if your product is installed on customer premises rather than hosted in your cloud environment, you should answer 'no'. How to best answer it: Be straightforward about your delivery model. If your product is hosted in AWS, Azure, Google Cloud, or your own data centers and accessed by customers over the internet through a web browser or API, answer 'yes'. If you sell software that customers install on their own systems or if you provide purely professional services without a technology component that you host, answer 'no'.

Guidance

If you are only offering a service, or are offering a product that is not cloud-based, answer "no".

Example Responses

Example Response 1

Yes Our product, SecureAnalytics, is a cloud-based analytics platform hosted in AWS data centers Customers access the application through a web browser and we maintain all infrastructure, application code, and customer data within our cloud environment.

Example Response 2

No While we do offer software products, all of our solutions are deployed within the customer's own environment (on-premises or in their cloud accounts) We provide installation packages and documentation, but we do not host any part of the application or store customer data in our environment.

Example Response 3

No Our company provides cybersecurity consulting services and penetration testing While we use cloud-based tools internally to manage our engagements, we do not offer a product that customers access via the cloud Our deliverables are reports and recommendations that we provide directly to clients.

Context

Tab
Product
Category
Required Questions

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Signature
Neil Cameron
Founder, ResponseHub
Neil Cameron