AgentLens Questionnaire v2
Top-30 Security Questionnaire Responses

Enterprise-ready baseline answers for procurement and InfoSec teams

This v2 page answers the 30 most common security questionnaire prompts in a concise format to accelerate first-pass security and legal review cycles.

Version 2.0 - Last updated: 2026-05-02
At a glance: 30 standardized Q&A responses; 6 question categories; public, cross-referenced trust artifacts; fast first-pass buyer review support.

Governance and Program (Q1-Q5)

Q1. Formal security policy?
Yes. Public baseline is available at /security.
Q2. Security contact channel?
Q3. Incident response process?
Yes. Severity classification, escalation, and communication processes are documented.
Q4. Vulnerability disclosure process?
Yes. Intake and triage are formally defined.
Q5. Security control review cadence?
Controls are maintained through a versioned enterprise readiness roadmap.

Identity and Access (Q6-Q10)

Q6. Role-based access?
Yes. Baseline roles: admin, analyst, read_only.
Q7. API authentication?
API access requires valid API key credentials.
Q8. Privileged action tracking?
Yes. Governance-critical actions are audit logged.
Q9. SSO support path?
An OIDC-first SSO roadmap is documented for enterprise rollout.
Q10. Least privilege baseline?
Role boundaries are defined and used as the enforcement baseline.

Platform Security and Encryption (Q11-Q15)

Q11. Encryption in transit?
Yes. TLS is required for hosted service traffic.
Q12. Security headers?
Yes. CSP, HSTS, frame/content protections and related headers are applied.
Q13. Backup encryption?
Backup storage follows encryption-at-rest expectations.
Q14. Abuse controls?
Request-size limits and related defensive protections are applied on relevant endpoints.
Q15. Health endpoints?
Yes: /healthz, /readyz, /health.

Audit, Monitoring, and Reliability (Q16-Q20, Q26-Q28)

Q16-Q18. Audit exports and traces?
Audit logs are exportable (CSV/JSON) and trace records support investigations.
Q19-Q20. Monitoring and incident updates?
Uptime monitoring and SLA-based communication cadence are in place.
Q26-Q27. Recovery and restore testing?
Baseline targets: RPO <= 24 h, RTO <= 60 min; a restore drill protocol exists.
Q28. SLA availability?
Public SLA summary is available at /sla.

Data Processing and Privacy (Q21-Q25)

Q21-Q23. PII, retention, deletion/export controls?
A documented PII policy and compliance workflows support retention and governance operations.
Q24-Q25. Subprocessor transparency and data flow?
Public subprocessor register and detailed flow notes are maintained.

Procurement and Contracting (Q29-Q30)

Q29. Legal/security procurement package?
Yes. Consolidated at /legal-pack.
Q30. Tailored questionnaire support?
Yes. Baseline answers are adapted to customer-specific formats during review sessions.