I am currently writing the "Restier of Reiquirements" document for my company. I am using conformio for this, in which we can specify whether we are compliant to the said requirements. So this got me thinking about the following.
Some client(s) require my company to pay some form of indemnity in case of data breah or any sort of security issue.
Is the above considered a requirement? I mean we can't relly comply to it unless we have a security issue and actually have to pay the indemnity.