Vendor Security & Risk Responses

At Chinafy, we aim to be transparent with how we operate, secure and manage our cloud services. We understand many of you have a Vendor Risk Management process for cloud services and believe we deliver a great cloud service.

We have implemented a structural controls framework to manage the operations, security and reliability of our cloud services. Many of these controls are externally validated, and some of the controls are internal only.

If your Vendor Risk Management process is based on the Cloud Security Alliance (CSA) - Consensus Assessment Initiative Questionnaire (CAIQ), you can download our pre-completed questionnaire (below). If your Vendor Risk Management process is based on relying on external certification, see the next section about our Compliance certifications. 

If the options below do not answer the questions you have, feel free to contact our Chinafy Support team. 
A comment on the value of compliance
Chinafy has compiled the below questionnaire responses to answer the common questions and formats that we receive from customers. It is worth saying, however, that the questionaires are self-attestation style responses. No independent third party has tested or validated these responses, and so they should not be considered contractual and may be subject to change. 

We are a young company, but understand the importance of external certification. In the future, all of our independently validated, external attestations and certificates can, and will be found on our Chinafy Compliance page. We firmly believe these certifications can and should serve as your primary assurance that we are operating, securing and managing our cloud-services with the interests of our customers in mind. 

If you have any questions about our intended path to Compliance certificates, please ask.
Cloud Security Alliance (CSA) - Consensus Assessment Initiative Questionnaire (CAIQ)
Formed in 2009, the Cloud Security Alliance was a research organization to determine the best practices for secure cloud computing. Over time, the CSA has issued a number of papers and practices on how to secure your cloud, your cloud service, and how evaluate a cloud service provider. 

The CSA Cloud Controls Matrix (CCM) was developed, as well as the CSA Consensus Assessment Initiative Questionnaire (CAIQ), along with the STAR registry to house the completed questionnaires from cloud service providers. 

The CSA is among the best known cloud service frameworks and standards. Chinafy, is not yet a member. We have filled out the CAIQ v3.0.1 nonetheless in anticipation of seeking membership in due course. 

Please reach out to us if such document will with your vendor approval process. 

Fast track your vendor security assessment

Transparency is key to our security philosophy. That's why we partner with the Cloud Security Alliance (CSA) to make our Consensus Assessment initiative Questionnaire (CAIQ) publicly available.

Report a Vulnerability

Chinafy encourages customers and the security research community to report vulnerabilities in our product to us.

Notey will use the information you provide on this form to be in touch with you and to provide updates and marketing. Please let us know all the ways you would like to hear from us:

You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, or by contacting us at We will treat your information with respect. For more information about our privacy practices please visit our website. By clicking below, you agree that we may process your information in accordance with these terms.

We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp's privacy practices here.