Vendor Onboarding Forms/Security Questionaires

Over time, it has become more and more common for customers and potential customers to use Vendor Onboard Forms and Security Questionaires. Some of these are very simple with just some official company and banking details and some are very detailed with lots of questions. This article outlines what's required in regards to this from a LiquidFiles perspective.

LiquidFiles Internal Information

We don't disclose any LiquidFiles internal information such as turnover, number of staff, number of customers or anything similar. If you have a form with that asks any questions like this, we require that these fields are either marked as optional, or if there's dropdown options that there's an option to select "not applicable" or similar.

We will not fill something in just to satisfy your form validation. If you require something to be filled in that we can't we will stop the submission and ask that you remove the requirement.

LiquidFiles Personal Information

Same as above, we don't provide personal information about anyone within LiquidFiles. You can use "Support" as a name and support@liquidfiles.com as an email. We don't provide any phone numbers.

We will not fill something in just to satisfy your form validation. If you require something to be filled in that we can't we will stop the submission and ask that you remove the requirement.

Security Questionaires

When we see Security Questionaires they are (almost) always targeted towards Cloud based solutions, which is not applicable to LiquidFiles. LiquidFiles is a product vendor only. We sell you the product, you install and manage this yourself (or get someone to install and manage it for you). Any question in regards to management of the product, the staff that's managing the product cannot be answered by us because we simply don't do that for you. Any question in regards to how LiquidFiles is configured can also not be answered by us because with LiquidFiles being a product and not a service we have no visibility of how you have actually configured LiquidFiles. Please see the example questions below for some example responses.

From our experience there will likely be a small portion of (technical) questions that are relevant to non-cloud solutions such as LiquidFiles and we can actually answer. Perhaps a question like "can we require that all System Administrators use Strong Two-Factor Authentication?" and the answer will be something like "yes, you can require all System Administrators to use Strong Two-Factor Authentication. This is configured in Admin → Groups". But as soon as the question is stated as "are all System Administrators configured with Strong Two-Factor Authentication?" we cannot answer it because we have no visibility of how you've actually configured it. We can only speak to the capabilities of the product and the default values, not how you've configured it.

So while we can fill in any required forms, please be aware that if your security questionaire is targeted towards Cloud based solutions, there will be a lot of answers with variations of this is Not Applicable as LiquidFiles is not a Cloud Service.

Cost/Fee

Shorter forms, 15 questions or less (excluding company details), that are sent in a spreadsheet, PDF or other type that can be filled out off-line, we are happy to do this free of charge.

If you send an online form that requires login, have more than 15 questions or has more questions that can be filled in on a single page, we will charge an upfront fee of USD$500 that covers the first 2 hours. If the fom takes longer than 2 hours to fill in, we will make an estimate how long it will take from then on and charge an additional USD$200/hour after that.

Before filling out any online form, you will also need to agree to either allow the form validation to skip questions that we cannot answer (because we don't manage your LiquidFiles installation), ensure that every questions has a "not applicable" option or be aware that unless we can answer a specific question accurately and truthfully with the available options — we will stop and prompt you to add a "not applicable" option to questions that we cannot answer (because we don't manage your LiquidFiles installation).

An example of such a question would be: "What are the certifications held by the SOC?". If the available options does not include "Not Applicable" or the question can be skipped, we will stop and get you to either remove the requirement to fill this in or add a "Not Applicable" option. And just for clarification, the reason this is not applicable for LiquidFiles is that we don't manage yours or anyone elses LiquidFiles installation. This question will need to be asked to whomever is managing your LiquidFiles installation. Not the product vendor.

The reason we are charging for online forms is that it's impossible for us to scale this. When we spend two hours developing the product or update the documentation or anything like that, it benefits most/all customers. If we spend 2 hours filling out a Security Questionaire for you, that benefits exactly zero other customers and why we feel it's not justifiable spending a lot of free time doing that.

Example Responses

We will only answer questions relating to your LiquidFiles installation. We won't answer questions about LiquidFiles internal system, procedures or processes.

We have included some examples of common questions. In our experiences, as detailed above, most if not all of these questionaires are targeted towards cloud service companies and not product vendors that don't manage customer installations.