# Security questionnaire template

1. Question: Is production data encrypted? Answer with cited policy and cloud evidence.
2. Question: How is access reviewed? Answer with owner, cadence, evidence source, and last reviewed date.
3. Question: Do you have a DPA? Link DPA, subprocessors, and Annex II safeguards.
4. Question: How do you handle incidents? Link incident response policy and notification boundaries.
5. Review fields: confidence, reviewer, status, citation, expiry, and reusable-answer owner.

Generated by PrivaBase. This template is educational and not legal advice.