How frequently is it tested?
Please upload your SOC1 or SOC2 reports
If an information security breach involving data occurred, would be notified of the breach?
Please elaborate regarding the disclosure procedure in place.
Is there a disaster recovery strategy in place?
Is there any reason that you would be prevented from notifying of a security or data breach?
Are computer systems (servers) backed up according to a regular schedule?