Sonarsource Questionnaire

Hello, please help me fill in the questionnaire based on the given questions, in "yes" and "no" answer mode only.

  1. Is data stored and backup encrypted to meet security standards?

  2. Is data transmission encrypted to ensure secure communication?

  3. Does the application comply with the company’s password policy?

  4. Is multi-factor authentication implemented for user access?

  5. How is data/drive disposal handled securely?

  6. Is there a flexible permission model in place for access control?

  7. Can users authenticate through external sources like LDAP, OpenID, or Google?

  8. Is user data backed up, and if so, is it backed up to a third-party solution?

  9. Is user data backup encrypted to maintain confidentiality?

  10. Are privileged user additions logged, and are notifications generated for these events?

  11. Is there event logging and notification for user invitations and acceptances?

  12. Are events related to adding users to groups logged and notified?

  13. Is there event logging and notification for role changes?

  14. Are additions of new objects (e.g., space, dashboard) logged and notifications sent?

  15. Are changes to permissions for admin subsections logged and notified?

  16. Are deletion operations (e.g., space, dashboard, user, permission) logged and notified?

  17. Does the service log key operations as specified in

  18. Does the service provide access to audit reports?

  19. Are notifications generated for various events within the application?

  20. Is there a mechanism for privileged users to add events, and do users receive notifications about these events?

  21. Are notifications sent when invitations are sent and accepted for events?

  22. Is there a notification system for adding users to groups?

  23. Do users receive notifications when their roles are changed?

  24. Are notifications sent when users are added to new objects (e.g., spaces, dashboards, parts of the service)?

  25. Is there a notification system for adding permissions for admin subsections?

  26. Are notifications sent for deletion operations (e.g., space, dashboard, card, user, permission)?

  27. Does the application have a Data Security Policy in place?

  28. Is the Data Security Policy readily accessible to users?

  29. Have potential risks related to the Data Security Policy been identified, such as the transfer of confidential information to third parties?

  30. Are responsibilities regarding confidentiality clearly defined within the application?

  31. Does the application have an SLA document?

  32. Have key SLA indicators been defined (e.g., response times, uptime)?

  33. Are responsibilities regarding SLA compliance clearly outlined?

  34. Is the invoice method the preferred and only accepted payment method for this application?

  35. Is there a separate billing contact field available for our department to receive payment-related information?

  1. Is there a mechanism to ensure that the service undergoes periodic audits to validate licenses?

  2. Can the total number of licenses in use be easily determined within the application?

  3. Is there a feature that tracks the number of licenses remaining?

  4. Is there a notification system in place to alert when the price or the number of licenses changes before receiving the invoice?

  5. Can you identify user accounts that haven’t been logged into for more than 4 months, specifically those with licenses?

  6. Is there a mechanism to identify and remove users who no longer work for the company but still have active accounts in the service?

  7. Can you verify that the list of administrators matches the reference document for administrative permissions?

  8. Is there an API or method available to retrieve a list of users, their associated rights, and license information?

  9. Is it possible to extract data from the service if needed for backup or migration purposes?

  10. Can data be migrated to an alternative new account within the same service if required?

  11. Is there a process to migrate data to an alternative new service in case of service discontinuation or migration to a different platform?

