Example Output
See how our tool matches your evidence to questionnaire questions.
Describe your organization's access control policy.
Our organization implements role-based access control (RBAC) aligned with the principle of least privilege. Access is granted based on job function and reviewed quarterly. All access requests require manager approval and are logged in our ticketing system. Privileged access is further restricted and requires additional approval from the security team.
- Access Control Policy v2.3 (Section 4.1)
- SOC 2 Type II Report (CC6.1)
How do you handle incident response?
We maintain a documented incident response plan reviewed annually. Our security team is available 24/7 for critical incidents. All incidents are classified by severity, tracked in our incident management system, and reported to affected parties within contractual SLAs. Post-incident reviews are conducted for all medium and high severity events.
- Incident Response Procedure (IRP-001)
- Business Continuity Plan (Section 7)
Describe your data backup and recovery procedures.
We perform daily incremental backups and weekly full backups of all production systems. Backups are encrypted and stored in a geographically separate location. Recovery procedures are tested quarterly with documented results.
- Backup Policy (Partial match)