Prospect FAQ: Everything You Need to Know

General Questions

1 What technologies and version control systems does Factech use?

2 What type of database does Factech use?

3 How are bugs tracked and resolved?

4 Does Factech provide API access? If yes, are there any conditions for using it?

5 Which programming language is the system built on?

6 What is the system and server downtime?

7 What security measures are in place?

8 How resource-intensive is the system on PCs, laptops, and mobile devices?

9 What are the minimum Android/iOS versions required to run the Factech app?

10 How many servers does Factech operate?

11 What certifications does the system hold, and how is data privacy ensured?

12 How scalable is the product for high traffic or data load?

13 How are security incidents and breaches handled?

14 Is there an incident response and recovery plan?

15 Is our data backed up regularly?

16 What happens to our data if we stop using the service?

17 How do you manage system updates and version control?

18 How secure are your API endpoints?

19 Can we choose the data center location (for compliance reasons)?

20 How do you handle disaster recovery and failover?

————————————–

What SaaS cloud-based security measures are in place?

Cloud Network Security

Security & Access Control

1. Are all network settings and configurations kept secure and regularly updated?

Yes.

2. Is access to your cloud infrastructure limited only to the people who are directly managing or maintaining our systems?

Yes.

3. Do you have protections in place against threats like phishing, viruses, and hacking?

Yes.

Monitoring & Protection


4. Do you keep records (logs) of system activity so that any suspicious or unauthorized behavior can be detected?

Yes.


5. Have you set up alerts to warn if there’s any potential threat or unusual activity in our cloud systems?

Yes.


6. Do you use tools to constantly watch over and analyze the network traffic and activity in your cloud system?

Yes.

Data Protection


7. Is the data that’s sent between your cloud services and our users protected with secure communication methods like TLS or SSL?

Yes.


8. Do you use encryption to protect sensitive information while it’s being sent over the internet?

Yes.

DDoS Attack Prevention


9. Do you have any protections in place to stop or reduce the impact of Distributed Denial of Service (DDoS) attacks that could try to overwhelm the system?

Yes.

Access Control & User Management

User Permissions & Access Control

1. Do users only have access to the systems or data they need to do their job — and nothing more?

Yes.

2. Is there a system in place to make sure our data isn’t accidentally shared with other companies or customers on the cloud?

Yes.

3. Are responsibilities and access separated so that no single person has full control over critical functions?

Yes.

Monitoring & Reviews

1. Is access by users with special permissions (privileged users) being tracked and monitored?

Yes.

2. Are regular checks done to review who has access to cloud systems and whether their access is still needed?

Yes.

3. Are changes to user permissions or system settings being logged and reviewed?

Yes.

Security Measures

1. Are strong password rules followed on all cloud systems, similar to CCIL’s standards?

Yes.

2. Is multi-factor authentication (like OTPs or authentication apps) required for users who access cloud systems?

Yes.

3. Are users automatically logged out if they are inactive for a certain amount of time?

Yes.

Cloud Data Security

Data Backup & Retention

1. Is data on the cloud regularly backed up according to a set schedule?

Yes.

2. Are old or unneeded copies of data stored in different locations properly deleted when they are no longer needed or when requested by CCIL?

Yes.

3. Is there a clear plan for how long data should be kept and when it should be destroyed?

Yes.

Data Protection & Risk Management


4. Is any sensitive or critical data assessed for risk before storing it in the cloud?

Yes.


5. Are there controls in place to protect against accidental data leaks or breaches?

Yes.


6. Is all data both stored (at rest) and being transferred (in transit) encrypted, depending on its importance or type?

Yes.

Operational Security


7. Does the cloud service provider have processes for managing changes, keeping systems running smoothly, and protecting against viruses or malware?

Yes.


8. Is logging and monitoring of activities on cloud systems being done regularly?

Yes.


9. Do cloud systems include features like backup and capacity management to handle increased demand or issues?

Yes.

End-User Security


10. Are users required to have antivirus or anti-malware software installed on their devices before they connect to cloud systems?

For anyone with privileged access (our staff/admins): Yes—EDR/anti-malware is mandatory and enforced.
For regular end-users of the SaaS via browser: Not required by default, but strongly recommended;

 

——————-