Our company is SOC2 compliant and we are being asked due to the changes in SOC2 to have the following questions answered. We have not been able to get answers from Gurock/TestRail and I am wondering if anyone else is having this issue or if anyone else has received answers? Any help is greatly appreciated!!
- Has their security policy changed since March of 2016? Is it reviewed on a regular basis?
- Are TestRail employees required to use 2-factor authentication to access the production environment? (we want to know if the answer to this has changed since last year)
- Does the application support 2-factor authentication for our access to the services? They said this was on their feature request list. Has it been implemented?
- Do you have a status page for notifying customers of any interruption of service? Last year they said this was on the to-do list. Has it been implemented?
- What is the timeframe in which you notify customers of security incidents which may affect their data and/or services? How does that notification occur? (has their answer changed since last year?)
- They said they never delete our backup data in 2016. Has this changed?