Do you apply strict permissions to customer data?
Do you perform any integrity checks on data periodically?
Do you have a properly tested backup solution for customer/environment data?
Do you ensure that backups are protected from unauthorized access?
Do you incorporate secure disposal of expired data?
Do you have a clear policy and procedures for information classification, protection and disposal in place?
Do you separate data between customers/environments?
Do you have anti-malware protection deployed to protect data?
Are the responsibilities regarding data stewardship defined, assigned, documented, and communicated?
Do you support secure deletion (e.g., degaussing/cryptographic wiping) of archived and backed-up data as determined by the tenant?