This document provides a consolidated set of responses to compliance, security, and governance-related questionnaires for BizTalk360. It is intended to support customer due diligence processes, including security assessments, audit reviews, and regulatory compliance evaluations.
BizTalk360 is designed as an on-premises solution, deployed within the customer’s own infrastructure. As such, our organization does not collect, store, or process customer data outside of the customer’s environment. Customers retain full ownership and control over their data, including its security, storage, and compliance obligations.
1. How is customer data handled?
BizTalk360 is an on-premises solution deployed within the customer’s environment. We do not collect, store, or process any customer data outside of the customer’s infrastructure. All data remains fully under the customer’s control.
2. Are your Organization is ISO 27001 certified?
Yes, we are ISO 27001:2022 certified
3. Has your organization experienced any security incidents in the last three years?
No, our organization has not experienced any security incidents or data breaches in the last three years.
4. Do you have a formal Information Security Program?
Yes, our organization maintains documented Information Security Policies, Standards, and Procedures that govern all aspects of information security management as part of our Information Security Management System (ISMS). These are approved by management, communicated across the organization, and regularly reviewed.
A synopsis of the program is provided, which outlines key aspects including information security governance, risk management, access control, incident management, and compliance requirements.

6. Do you comply with data privacy regulations like GDPR?
Yes, we align with data privacy regulations such as GDPR. Since data resides within the customer’s environment, customers retain full control over compliance.
7. Is information in transit between the customer and your organization encrypted or protected using TLS/SSL or similar technology?
Yes, data in transit between the customer’s infrastructure and our organization’s infrastructure is encrypted using Transport Layer Security (TLS). This ensures that all communications are securely protected against interception and unauthorized access.
9. Do you have Identity and Access Management (IAM) controls?
Yes, we maintain IAM policies including role-based access control, user provisioning and deprovisioning, and periodic access reviews
10. What type of Authentication BizTalk360 supports?
As like BizTalk Server, BizTalk360 supports Windows Integration Authentication (Windows Active Directory)
11.Do you provide and enforce Multi-Factor Authentication (MFA) for accessing your systems and services?
Yes, our organization provides and enforces Multi-Factor Authentication (MFA) options to authenticate and access information within our services. These include methods such as SMS-based verification and authentication tokens for applicable systems.For internal systems, MFA is enforced for all elevated or privileged administrator accounts to ensure secure system management
With respect to the BizTalk360 product, authentication is managed through AD/Windows Authentication. As the solution is deployed within the customer’s environment, MFA enforcement for end users and administrators can be configured and controlled through the customer’s identity and access management systems.
12. Do you perform vulnerability scanning?
Yes, we conduct vulnerability scans every public release and remediate identified issues in a timely manner
13. Do you conduct penetration testing?
Yes, internal penetration testing is performed during every release .
14. Do you have an Incident Management process?
Yes, we have a formal incident management program and incident response plan with defined escalation procedures.
15. Do you provide logging and monitoring?
Yes, logging and monitoring are implemented for internal systems. Customers manage logging within their own environments.
16. Do you have a Change Management process?
Yes, we follow a structured change management process including review, approval, testing, and controlled releases.
17. Do you follow a Secure Software Development Lifecycle (SDLC)?
Yes, we follow a secure SDLC that includes secure coding practices and security validation throughout development.
18. Do you provide Business Continuity and Disaster Recovery (BCP/DRP)?
BizTalk360 operates within the customer’s environment; therefore, BCP and DRP responsibilities are managed by the customer.
19. What network security measures are in place?
We implement strong network security measures including firewalls (Sophos XGS), IDS/IPS, regular patching, and DMZ architecture.
20. What HR security controls are implemented?
All employees undergo background verification, sign NDAs, and receive annual cybersecurity training.
21.Are any Information Security processes outsourced?
No, all Information Security and IT processes are managed internally.
22.Is there an asset management program?
Yes, an asset management program is implemented with defined ownership, periodic review, and control mechanisms.