![Freyr Digital_Without Tagline-03.png]](https://knowledgebase.freyrdigital.com/hs-fs/hubfs/Freyr%20Digital_Without%20Tagline-03.png?height=48&name=Freyr%20Digital_Without%20Tagline-03.png){kind=small}
General
Freyr SUBMIT PRO
- What is the database we are using right now?
- How much size will you provide on the server (cloud)?
- Who is your hosting provider? Which cloud providers do you rely on? Do you review/assess your cloud providers' security practices?
- Describe the current geographic distribution of the user base.
- Describe your Information Security Risk Management Program (Internal and Third Party).
- Do you have a formal Information Security Program (InfoSec SP) in place, including dedicated resources?
- Do you have an information security policy and supporting standards, guidelines, etc.? Do they align to an industry standard (e.g., ISO 27001, NIST CSF, etc.)?
- Explain your logging capabilities of the systems (level of logging, protection, retention, exportability, integration with log aggregators).
- Explain how you monitor both your systems and what’s available to your users. Do you provide reporting of monitoring results in an ingestible format for customers?
- Does Freyr have a Security Incident Response Program?
- Does Freyr have a Business Continuity Plan (BCP) and Disaster Recovery (DR) plan?
- Does Freyr encrypt all backups of customer data using industry-standard encryption protocols?
- Does Freyr encrypt all customer data at rest using industry-standard encryption protocols?
- Does Freyr encrypt all customer data transmissions across networks using industry-standard encryption protocols?
- Does Freyr have a policy for responding to security incidents and defining acceptable remediation time frames?
- Does Freyr have an accredited third party perform annual security audits?
- What roles and permissions does Freyr SUBMIT PRO offer, and how are users provisioned or de-provisioned?
- Does Freyr SUBMIT PRO use third-party software/services?