4b. Infosec Questionnaire
Complete the Information Security self-assessment questionnaire required before JPSL can process live payments on your behalf.
Part of: Stage 4 — Application Details
Other sections: Adding Signatories · Document Repository
As a regulated payment company, JPSL is required to assess the security posture of every merchant's IT infrastructure before processing live financial transactions on their behalf. This section is a structured self-assessment questionnaire.
What the Questionnaire Covers
Questions are grouped around these security control areas:
- SSL / TLS certificate status on your checkout and payment pages
- Storage of payment card data (raw card numbers, CVVs, etc.)
- Firewall and network access controls
- User access management and privileged account controls
- Incident response procedures
- PCI-DSS compliance status (if applicable)
- Vulnerability Assessment and Penetration Testing (VAPT) reports
Glossary of Terms
Use these plain-language definitions if a questionnaire item includes a technical term.
| Term | What it means |
|---|---|
| Encryption at Rest | Data is protected while it is stored in a database, server, device, or backup file — not only while it is being sent over the internet. |
| SSL / TLS certificate | A digital certificate that enables HTTPS and encrypts data sent between your website and the user's browser. |
| Firewall | A security control that restricts who and what can access your systems or network. |
| Privileged account | A user account with elevated access, such as the ability to change settings, manage servers, or view sensitive data. |
| Incident response | The steps your business follows to detect, investigate, contain, and recover from a security issue. |
| PCI-DSS | Payment Card Industry Data Security Standard — a security standard for businesses that store, process, or transmit card data. |
| VAPT | Vulnerability Assessment and Penetration Testing — a security review that identifies weaknesses and tests whether they can be exploited. |
Step 4b.1 — Answer Every Question
- Navigate to the Infosec tab on your Application Status Dashboard.
- Read each question carefully.
- Select Yes, No, or N/A for every question without exception.
🔴 Critical: The Save Button Will Not Activate Until Every Question Is Answered
If the Save button is greyed out, at least one question does not have a radio button selected. Scroll through the entire questionnaire to find unanswered items. There is no summary of skipped questions — you must scroll manually.
Step 4b.2 — Fill In Mandatory Remarks
For every question where you answer "No" or "N/A" on a standard security control, you must type an explanation in the Remarks field below that question.
The remarks field is not a checkbox — it requires actual text.
Example answers that are acceptable:
| Question | Answer | Acceptable Remark |
|---|---|---|
| Do you store raw credit card numbers? | No | "We do not store card data. All payment processing is handled entirely by JPSL's SDK. No card data touches our servers." |
| Do you have an active VAPT report? | N/A | "We are a SaaS business with no direct card-holder data environment. VAPT is not applicable to our infrastructure." |
| Do you have PCI-DSS certification? | No | "We are not PCI-DSS certified. We rely on JPSL's certified payment infrastructure for all card data handling." |
Step 4b.3 — Upload Evidence (Where Prompted)
Certain questions may display an upload icon when answered "Yes". These require supporting evidence:
| Document Type | When Required |
|---|---|
| PCI-DSS Level 1 Compliance Certificate | If you have PCI-DSS certification |
| VAPT Report (recent) | If you conduct regular penetration testing |
| SSL Certificate details | If prompted for proof of HTTPS on payment pages |
Click the upload icon next to the relevant question and attach the file.
Step 4b.4 — Save the Questionnaire
Click Save at the bottom of the form. You will see a confirmation message once the data is stored in the database.
⚠️ Do Not Navigate Away Before Saving
Your responses are not auto-saved on this form. If you navigate away without clicking Save, all your answers will be lost and you will need to redo the questionnaire.
What Happens Next
Once saved, the Infosec tab displays the green "Complete" badge.
Return to the Application Details section and check:
- Stage 4a: Adding Signatories — must show Complete
- Stage 4c: Document Repository — must show Complete
All three must be complete before proceeding to Stage 5: Final Submission.
Common Issues
| Issue | Resolution |
|---|---|
| Save button is greyed out | Find and answer every unanswered question. Also check that all "No"/"N/A" Remarks fields have text. |
| Unsure how to answer a question | Answer based on your actual current practice. If the control does not apply to your business, select N/A and explain why in the Remarks. Do not leave it blank. |
| Evidence upload fails | Check that the file is under 5 MB and in PDF, JPEG, or PNG format. |
