Vendor Readiness

Vendor Security Questionnaire

A procurement-friendly overview. Detailed responses and supporting documentation are available under NDA.

How to Use This Page

This page is intentionally high-level for public sharing. For enterprise evaluations, we can complete your full questionnaire and provide supporting documentation under NDA.

Do you complete vendor security questionnaires (SIG Lite / CAIQ-style)?

Yes. We can complete SIG Lite and CAIQ-style vendor security questionnaires and provide our standard responses under NDA.

Do you have a responsible disclosure contact?

Yes. Please email security@ironcrestsoftware.com for vulnerability reports.

Do you support customer security requirements (SSO, MFA, RBAC, audit logs)?

Yes. We design systems to support these enterprise controls and, where required, integrate with the customer's identity provider for SSO and MFA and with the customer's logging and monitoring pipeline.

Are you “SOC 2 certified”?

We do not claim SOC 2 or any other certification or attestation unless it has been contracted for and independently verified. (SOC 2 is an auditor's attestation report rather than a certification, so the question is usually whether a current report exists.) We can align delivery practices to the SOC 2 Trust Services Criteria and support a customer's audit-readiness efforts.

Do you support regulated environments (HIPAA / PCI DSS / GDPR)?

Yes, on a per-engagement basis. We build systems and supporting documentation aligned to the customer's compliance requirements and the applicable regulatory context, such as HIPAA, PCI DSS or GDPR.

Security Control Areas (Overview)

Secure SDLC

  • Security-first design and review practices
  • Dependency hygiene and vulnerability remediation workflows
  • Release discipline and change control aligned to customer needs

Access Control & Identity

  • Least privilege and role-based access control patterns
  • SSO/MFA integration support where required
  • Auditable administrative actions

Data Protection

  • Encryption in transit and at rest (scope depends on the system architecture)
  • Retention and deletion controls appropriate to the sensitivity of the data
  • Privacy-by-design patterns and data minimization

Operations & Reliability

  • Observability hooks for logging/metrics/alerting
  • Runbooks and escalation paths for supported systems
  • SLAs and incident response workflows defined per support plan

Available on Request (Under NDA)

  • Security questionnaire responses (SIG Lite / CAIQ-style)
  • High-level security posture summary
  • Architecture notes / runbooks for delivered systems (project-dependent)
  • Control mapping summaries (project-dependent)