>>>what kind of security process is there to insure no cyber threats?
>
>Dmitry, not sure what services you plan to provide. Will you be hosting customer data? Or is he concerned you might distribute apps carrying virus or other payload? Will you have remote access to his servers or systems?
>
>I have customers with very strong security concerns, especially after embarrassing and expensive breaches by competitors. I'd advocate a 3 pronged approach:
>
>1) Apps: do you have a signing certificate? Signing ensures that viruses and other sneaks can't quietly latch onto your work. Windows makes it easy for the customer to validate the signature to ensure that the app hasn't been altered since you compiled it.
>2) Infrastructure: internally you have standard firewalling routers with most ports closed, proven paid security software on all machines inside the firewall, and all the standard security measures. Regular scans etc etc. Does he have anything specific that he'd like to see? Otherwise you're sufficiently confident that if he'd like to send a security consultant to overview, you're more than happy to host them.
>3) Remote Access: if involved, you do need some sort of policy involving access so that malicious people can't use you as a Trojan Horse into their systems. If they're very concerned, you might suggest use of Gotomeeting sessions where his own staffer gives you control of his screen so you can do your work under supervision. The Gotomeeting sessions are one-offs with no other access into his system. Offer it as an option if there's particular sensitivity, otherwise standard password management for remote access.
>
>My experience so far is that people want to see that you've thought about these things and have protective policies, rather than que sera sera.

First, thank you for your input. I am not hosting the data; everything is on the customer site. I think I will take from your input the items such as
-- internally you have standard firewalling routers with most ports closed
-- proven paid security software on all machines inside the firewall
-- Regular scans etc etc

I think the biggest issue that this guy sees is that I am a one-man shop. And I understand him. Others see it too buy choose to close their eyes because I am cheap and provide good services. We will see.
Thank you.