How frequently is it tested?
Please upload your SOC1 or SOC2 reports
Is there any reason that you would be prevented from notifying of a security or data breach?
Are computer systems (servers) backed up according to a regular schedule?
If an information security breach involving data occurred, would be notified of the breach?
Please elaborate regarding the disclosure procedure in place.
Is there a disaster recovery strategy in place?