AgentLens Questionnaire
Enterprise Security Questionnaire

Standard InfoSec response pack for enterprise procurement

This page provides a concise answer baseline for common buyer security questionnaires. It helps legal, InfoSec, and procurement teams complete first-pass due diligence faster.

Version 1.0 - Last updated: 2026-05-02
At a glance: 12 response sections; public security and subprocessor references; live governance and compliance routes; fast first-pass buyer review flow.

Company and Service Scope

  • AgentLens is an LLM observability platform for quality, hallucination, cost, and agent tracing.
  • Delivery model supports managed hosting and self-hosted deployment paths.

Security Program

  • Security contact mailbox: security@agentlens.one.
  • Vulnerability disclosure and triage process is documented and published.
  • Incident handling process and communication templates are maintained.

Access Control and Authentication

  • RBAC baseline roles: admin, analyst, read_only.
  • API requests require valid API key credentials.
  • Admin and governance actions are covered by audit logging.

Encryption and Transport

  • TLS is required for hosted traffic paths.
  • Response hardening includes HSTS, CSP, and frame and content protections.
  • Backup storage follows encryption-at-rest requirements.

Auditability and Logging

  • Compliance actions (export/delete/retention) are captured in the audit log.
  • CSV/JSON audit exports support customer review workflows.
  • Trace records support investigation and post-incident analysis.

Data Governance and Privacy

  • PII handling, retention controls, and delete/export flows are documented.
  • Retention warnings are exposed in compliance UI controls.
  • Customer-specific commitments are finalized in contract annexes.

Subprocessors and Regions

  • The public subprocessor register lists each subprocessor's purpose and region handling.
  • Optional integrations are clearly marked as conditional by feature usage.
  • Detailed data-flow context is available in enterprise documentation.

Reliability and Continuity

  • Health endpoints: /healthz, /readyz, /health.
  • Backup/restore process and restore-drill protocol are documented.
  • Uptime workflow supports operational alerting.

Secure Development

  • Controls and policy artifacts are versioned in GitHub.
  • Changes move through pull request workflow and merge history.
  • Phase-3 checklist includes formal change-management hardening.