Security certifications (SOC 2 Type II, ISO 27001, FedRAMP) - Security questionnaire responses (SIG Lite, CAIQ) - Independent penetration test results - Incident history and response track record - Business continuity and disaster recovery plans