Security Questionnaire
Cichocki Advisory completes vendor security questionnaires as part of procurement onboarding. Mutual NDA executes before any response leaves; responses are written by Jan Cichocki personally and returned within five business days of NDA + scope confirmation.
Accepted questionnaire formats
We respond to standard procurement formats or your vendor's own template. Click any format for details.
Send the blank questionnaire as an attachment in your initial request. We’ll confirm scope and timeline before starting.
What our response includes
Where applicable to the chosen questionnaire format. Click any item for details.
How the workflow runs
Request
Submit via the security materials request form or your procurement portal. Attach the blank questionnaire and note your deadline.
NDA & scope
Mutual NDA executes before any response content is shared. Scope is confirmed: advisory engagement type, expected sensitive materials, target dates.
Response drafted
Questionnaire is completed by Jan Cichocki personally. Any items requiring external attestation or third-party review are marked as such, not asserted.
Delivery & review
Response delivered with companion artifacts on request (COI, DPA template, subprocessor list). Clarification questions answered within one business day.
What we don’t claim
Cichocki Advisory does not hold a third-party SOC 2 Type II attestation, ISO/IEC 27001 certification, or formal pen-test report unless explicitly stated in the response. Our control set is mapped to SOC 2 Trust Service Criteria; documentation describing that mapping is available under NDA.
We respond to every questionnaire item with one of: yes (with control reference), no (with explanation), partial (with scope), or not applicable (with reason). We do not fabricate "yes" answers to questions where the control isn’t implemented at our scale.
