My very small company uses Dropbox for our work files storage. We have been asked by a new customer IT audit to provide evidence of "our" penetration testing (how often done, provide a redacted report if we're using a 3rd party provider for our data storage) and vulnerability management practices. I am trying to find anything specific to these topics that Dropbox does on a daily or continuous basis, so I can reply to the survey. We don't do these things for ourselves and have told the new customer that we use a 3rd party provider to store data. Thanks for any help!
