Customer Security Questionnaire
A concise, reusable set of security and compliance answers for procurement, risk assessments, RFPs and due diligence.
1. Do you encrypt data at rest and in transit?
Yes. Data at rest is encrypted using strong encryption at the storage and database layer. Data in transit is protected using TLS with modern cipher suites.
2. Where is customer data hosted?
Primary hosting is in India with options for region pinning / data residency as per customer requirements and applicable regulations.
3. Do you support SSO and MFA?
Yes. We support SSO via SAML/OIDC and enforce MFA for privileged accounts as part of our access control policy.
4. How often do you perform security testing?
Regular internal vulnerability scanning and periodic independent penetration testing are part of our security program.
5. Do you have a documented incident response plan?
Yes. Incident response is governed by a formal policy including detection, triage, containment, eradication, recovery and post-incident review.
6. Is a Data Processing Agreement (DPA) available?
Yes. A standard DPA covering DPDP / GDPR-aligned obligations is available and can be executed as part of the contracting process.
For customised security questionnaires (e.g., customer-specific spreadsheets or portals), please contact security@apphoxtech.com or your APPHOX account representative.