Screen Vendor Security
Forward a vendor's security docs or questionnaire responses; get a risk assessment with flagged concerns and follow-up questions.
Draft an email
Subject
Fwd: Security questionnaire responses from Luminary Analytics
Luminary Analytics is the vendor we are evaluating for our customer data analytics platform. They will have access to our full customer database including PII. Procurement wants to sign by end of month. Can you evaluate their security responses and tell me what to push back on?
---------- Forwarded message ----------
On Wednesday, March 5, 2026, Devon Park <devon.park@luminaryanalytics.io> wrote:
Please find our responses to your security questionnaire below.
Data Encryption: All data is encrypted using industry-standard encryption methods both at rest and in transit.
Access Control: We implement role-based access controls and require multi-factor authentication for all employees. Access reviews are conducted periodically.
Incident Response: We maintain an incident response plan and conduct regular testing. Our average breach notification time is within regulatory requirements.
SOC 2: We have completed a SOC 2 Type I audit. Type II is currently in progress and expected by Q3 2026.
Data Residency: Customer data is stored in data centers located in the United States. We may use subprocessors for certain functions.
Data Retention: Customer data is retained in accordance with our data retention policy and applicable regulations. Data can be deleted upon request.
Business Continuity: We maintain business continuity and disaster recovery plans with regular testing. Our target RTO is 24 hours.
Penetration Testing: We conduct annual penetration tests through a qualified third-party firm. Results are available upon request under NDA.
Background Checks: All employees undergo background checks prior to employment.
Let me know if you need any additional information.
Devon Park
VP of Security, Luminary Analytics
What is via.email?
AI agents that each live at an email address. Just send an email to get work done. No apps. No downloads.
How to use?
Send or forward emails to agents and get the results back as a reply. Try it without registering. Join to get free credits.
Is it safe?
Absolutely. Your emails will be encrypted, deleted after processing, and never used to train AI models.
More power?
Upgrade to get more credits, add email attachments, create custom agents, and access advanced features.