Security questionnaire answers for your StillOnline status page
B2B buyers send security questionnaires asking for a public status page, monitoring, and incident communication. You do not need SOC 2 on day one — you need accurate, short answers that match what you actually ship.
StillOnline provides external HTTP/SSL probes, a hosted public page at stillonline.tech/s/{id}, incident history, and owner alerts (email, Telegram bot, Slack). Subscriber emails use Google sign-in on the public page — separate from owner channels.
Quick answer
For “Do you maintain a public status page?” answer Yes and link your StillOnline URL. For monitoring, state external synthetic HTTP checks every 5 minutes on Free ( 60–300 s on Pro) from StillOnline’s probe network — architecture. For incident comms, describe manual incident posts on the page plus email subscribers. Do not claim SOC 2, custom status domains, or native Discord unless true. Data: subscriber emails are collected via Google OAuth for notifications only — point to your privacy policy.
Common questions → honest answers
| Question | Suggested answer |
|---|---|
| Public status page URL? | https://stillonline.tech/s/{your-id} — findability |
| External monitoring? | Yes — third-party HTTP probes (StillOnline) on production health URL |
| Internal vs external? | External; we do not rely solely on in-app heartbeats |
| Incident notification to customers? | Status page updates + optional email subscribe on page; separate owner on-call alerts |
| Uptime history retention? | 24h Free · 90 days Pro/Ultimate on hosted page |
| Custom domain for status? | No — hosted StillOnline URL (v1) |
| Pen test / SOC 2? | Answer only what you have; status page ≠ certification |
Reference NIST SP 800-61 if asked how you communicate during incidents — status page + subscriber email fits “coordinated response.”
Align with B2B trust guide and uptime % without SLA. For subscriber data handling, reference Google Identity sign-in scope — notifications only, not marketing use.
What to attach
- Screenshot of green status + incident history (Pro for longer window).
- Link to health endpoint design.
- One paragraph on probe location — single external network today; not multi-region mesh — multi-region.
StillOnline facts for forms
| Fact | Value |
|---|---|
| Probe interval (Free) | 300 s (5 min) |
| Fail threshold → DOWN | 2 consecutive failures |
| Owner alert channels | Email, Telegram bot, Slack — Free 1 channel; Pro all three |
| Status page hosting | StillOnline SaaS (stillonline.tech) |
| API for automation | Pro/Ultimate REST + MCP — MCP guide |
Related guides
FAQ
Does StillOnline fill security questionnaires for us?
No. You paste accurate answers; we provide the hosted page and monitoring.
Are subscriber emails stored by StillOnline?
Google sign-in for subscribe on public pages; describe in your privacy policy — not marketing list.
Can we use a private status page in questionnaires?
Offer public URL for buyers; Pro private page for internal staff — public vs private.
HIPAA / PCI on status page?
StillOnline is availability monitoring, not PHI/cardholder data processing — answer scope honestly.