TrustDesk

Sample

What Mara returns

This mock answer pack (fictional company, no customer data) shows how TrustDesk handles a questionnaire when source material is available but incomplete. Gaps are flagged, never papered over.

14 questions received
10 drafted from evidence
3 need confirmation
1 missing evidence
| Question | Draft answer | Evidence | Confidence | Status |
| --- | --- | --- | --- | --- |
| Do you maintain a written information security policy? | Yes. A written information security policy covers access control, data protection, incident response, vendor management, and employee responsibilities. Reviewed at least annually. | Information Security Policy, §1, §8 | High | Ready for approval |
| Do you enforce MFA for administrative access? | Multi-factor authentication is enforced for administrative access to production, cloud, and identity systems. | SOC 2 summary, logical access controls | High | Ready for approval |
| Do you have a documented incident response process? | Yes. A documented process covers triage, containment, investigation, communication, remediation, and post-incident review. | Incident response policy excerpt | High | Ready for approval |
| What is your customer breach notification timeline? | The DPA states customers are notified without undue delay after confirmation of a security incident affecting customer personal data. | Data Processing Addendum, security incident section | Medium | Customer legal approval recommended |
| Do you conduct penetration testing? | No answer drafted. The provided materials do not confirm whether testing is performed. | No supporting source found | Low | Needs evidence |

Needs confirmation

Vulnerability scan cadence, production hosting region, and legal-approved breach notification wording.

Missing evidence

Penetration testing cannot be answered safely without a source, attestation, or approved "not performed" response.

Reusable library

Approved access control, encryption, and incident response answers become answer-library seeds for the next review.