A client of ours is asking for:
we of course have already redirected them to your documentation about GDPR, explained how we implement role based access, etc. - but we are unable to move forward without this information or documents
would you be able to help us out or point us in the right direction?
Here are a couple of the topics with almost the same question.
I think they will be helpful.
thank you Oleg, I am familiar with these posts.
I would still need to provide documents, such as results of penetration tests and / or the impact assessment.
How could I proceed regarding those?
thank you for your help
In other words you ask whether we ordered in some other third party to hack us, and is the results of that process are published somewhere?
correct, or how I can get that information to provide to our client, as otherwise they would not trust the service
You are welcome to hire your own auditor to perform penetration tests.