Security questionnaire
First-pass answers for xEvolve security reviews.
Use this page to start procurement, vendor-risk, and regulated file-transfer reviews before a pilot. Final answers should be confirmed against the buyer's deployment scope.
Identity and access
SSO
Microsoft Entra ID SSO is part of the product direction for enterprise deployments.
MFA
MFA support is documented in the product posture; buyer pilots should verify enforcement policy for their tenant.
Roles
Access should be scoped by room, flow, role, and counterparty instead of shared MFT credentials.
Admin evidence
Admin activity should be logged and exportable for security review.
Data protection
Transport encryption
File exchange should use TLS, SFTP, or HTTPS transport depending on the connected protocol.
Storage encryption
Storage encryption depends on the selected storage provider and deployment shape; ownership is documented during pilot scoping.
Secrets
Secrets and connection credentials should stay in managed secret stores or customer-controlled infrastructure.
Customer data
Customer data is used to provide file-transfer workflows, support, billing, investigation, and product analytics. It is not sold.
Operations and resilience
Monitoring
The public status page checks the live API health endpoint and links support/escalation paths.
Audit logs
Transfer, access, approval, and admin activity should be logged as reviewable operational evidence.
Incident handling
Customer-impacting incidents should include start time, component, impact, mitigation, owner, and follow-up actions.
Exit support
DORA Article 28 reviews should document export paths, retained logs, alternate routes, and migration sequence.
Compliance mapping
DORA
Use xEvolve evidence for ICT risk management, third-party file-transfer review, exit planning, and operational resilience conversations.
NIST CSF 2.0
Map file movement and ownership to Govern, Protect, Detect, Respond, and Recover outcomes.
CIS Controls
Map access control, data protection, audit-log management, malware inspection, and service-provider management evidence.
Legal review
This questionnaire is operational evidence, not legal advice or a compliance certification.
Next review step
Send the buyer's questionnaire, required control framework, and intended transfer workflow. xEvolve can then answer with deployment-specific evidence and pilot acceptance criteria.