Does the system platform hardened based on CIS and industry best practices?

Does the product passes ongoing security risk assessment and external audit?

Does the system complied with ISO 27001 and ISO22301 or any other regulation?

Does the system complied with OWASP top 10 for web applications and OWASP ASVS for testing coverage?

Does the system interfaces hardened according to the security best practices?

Does the system being up2dated with security patches,HW updates,OS updates?