Request for Security & Compliance Documentation for Vendor Risk Assessment

Muhammad Ahmad · 2026-04-09T13:58:00-04:00

Hello Team,I hope this message finds you well.My name is Muhammad Ahmad, and I am part of the IT Security and Third-Party Risk Management (TPRM) team at AskDegree. As part of our annual vendor risk assessment and ongoing compliance reviews, we are reaching out to request your latest security and compliance documentation.Could you please provide the following documents at your earliest convenience?SOC 2 Type II ReportInformation Security PoliciesBusiness Continuity & Disaster Recovery (BCDR) PlanBCDR Tabletop Exercise ResultsIncident Management PlanPenetration Test ReportWe greatly appreciate your assistance with this request. If you have any questions or would like to discuss any of the items in more detail, please feel free to reach out. I would also be happy to schedule a quick call if that’s more convenient.Thank you for your continued support and collaboration

M

Muhammad Ahmad

Asked on April 9, 2026 at 1:58 PM

Hello Team,
I hope this message finds you well.

My name is Muhammad Ahmad, and I am part of the IT Security and Third-Party Risk Management (TPRM) team at AskDegree. As part of our annual vendor risk assessment and ongoing compliance reviews, we are reaching out to request your latest security and compliance documentation.

Could you please provide the following documents at your earliest convenience?
SOC 2 Type II Report
Information Security Policies
Business Continuity & Disaster Recovery (BCDR) Plan
BCDR Tabletop Exercise Results
Incident Management Plan
Penetration Test Report
We greatly appreciate your assistance with this request. If you have any questions or would like to discuss any of the items in more detail, please feel free to reach out. I would also be happy to schedule a quick call if that’s more convenient.

Thank you for your continued support and collaboration
Podo: Support Specialist

Replied on April 9, 2026 at 1:58 PM
Hi Muhammad Ahmad,
Thanks for reaching out to Jotform Support. I'm an AI assistant here to assist you.
Regarding your request for security and compliance documentation, here is the relevant information about Jotform's security and compliance measures:
- Jotform has received a SOC 2 Type II audit report as of September 2022, ensuring compliance with the latest security standards. The report covers the five SOC 2 Trust Service Principles: security, availability, processing integrity, confidentiality, and privacy.
- Jotform's data centers are hosted primarily on Google Cloud and Amazon Web Services (AWS), both of which are SOC 2 compliant and have various certifications including ISO 27001, ISO 27017, ISO 27018, and PCI DSS. These platforms also enable HIPAA compliance.
- Jotform employs a Host Intrusion Detection System (HIDS) on application servers and a Network Intrusion Detection System (NIDS) in development offices, along with PCI intrusion detection policies.
- Employee due diligence includes rigorous screening and mandatory non-disclosure agreements (NDAs).
- Jotform systems are regularly tested for security vulnerabilities and threats.
- Jotform follows a rigorous disaster recovery plan and maintains a 99.5% uptime SLA with 24/7 monitoring for availability.
- Data is encrypted and access is restricted to authorized users only. Multifactor authentication (MFA) is supported for additional security.
- Physical server security is managed by Google Cloud, ensuring compliance with regulations like FERPA.
For detailed documents such as the SOC 2 Type II Report, Information Security Policies, Business Continuity & Disaster Recovery (BCDR) Plan, BCDR Tabletop Exercise Results, Incident Management Plan, and Penetration Test Report, these are typically provided upon request directly through official channels or enterprise agreements.
If you need further assistance or specific documents, our support team may redirect your request to the related team for processing.
Let us know if you have any other questions.

Your Reply