Tell us about your organization so we can customize a security proposal that fits your operational footprint, risk profile, and budget.
Entity name
Primary trading name (if different)
Industry vertical
Warehousing & Logistics
Manufacturing
Retail & Hospitality
Corporate Office
Healthcare
Education
Government
Mixed-use facility
Other:
Full address of primary site requiring service
Street address
Street address line 2
City
State/Province
Postal/Zip code
Approximate total floor area (m²)
Number of locations to be covered
1
2–5
6–20
21–100
100+
Primary contact full name
Job title
Business email
Direct phone with country code
Are you the final decision maker for security procurement?
Thank you. We will address all communications to you.
Name and email of approver
Understanding existing measures helps us identify gaps, avoid duplication, and integrate new systems seamlessly.
Existing security layers (select all active)
24/7 manned guarding
CCTV (analog)
CCTV (IP)
AI analytics
Perimeter intrusion detection
Biometric access control
RFID/smart-card access
Alarm monitoring service
Cybersecurity SOC
None
Have you experienced a security breach in the past 24 months?
Briefly describe the incident, impact, and lessons learned
Rate the effectiveness of current measures
Very Poor | Poor | Adequate | Good | Excellent | |
|---|---|---|---|---|---|
Deterrence of unauthorized entry | |||||
Detection speed | |||||
Evidence quality for investigations | |||||
Operator workload | |||||
False-alarm rate |
Biggest pain point with current setup
Accurate threat modeling ensures we recommend the right technology stack and service level.
Primary threats of concern
Theft of high-value stock
Insider pilferage
Vandalism/graffiti
Trespassing after hours
Workplace violence
Corporate espionage
Cyber-physical attacks
Regulatory non-compliance
Operational hours
24/7
Shift-based (3 shifts)
Shift-based (2 shifts)
Day shift only
Seasonal
Do you store hazardous or high-value materials on-site?
Describe material type, quantity, and storage conditions
Maximum acceptable downtime for critical cameras (hours)
0 (redundant required)
<1
1–4
4–24
>24
Risk tolerance (1 = risk-averse, 5 = risk-neutral)
Specify camera, sensor, and access-control coverage so we can design a gap-free solution.
Number of indoor cameras required
Number of outdoor cameras required
Require AI analytics (people/vehicle counting, loitering, line-cross)?
Select AI features of interest
Facial recognition
License-plate recognition
Object left/removed
Crowd formation
Heat-map generation
PPE compliance
Social-distance monitoring
Need thermal imaging for perimeter or temperature screening?
Purpose and expected temperature range
Preferred camera resolution
1080p
4 MP
4K (8 MP)
12 MP+
Let vendor decide
Require biometric access control?
Biometric modalities
Fingerprint
Finger-vein
Iris
Face
Palm
Multi-factor
Number of doors requiring electronic access control
Need mobile credentials (phone/watch) instead of cards?
Preferred mobile platform
iOS/Android native
Wallet pass
Both
Require integration with elevators, turnstiles, or parking barriers?
List equipment brands/models if known
Security data is sensitive. Clarify retention, export, and deletion expectations early to avoid compliance gaps.
Minimum video retention period required (days)
Need redundant off-site backup?
Backup location preference
Vendor cloud
Own data center
Hybrid
Video export format requirement
Native + watermarked
MP4
AVI
Both native and MP4
No preference
Must footage be encrypted at rest?
Encryption standard
AES-128
AES-256
Custom:
Require audit trail for who views or exports footage?
Retention period for audit logs (years)
Need automatic deletion after retention expires?
Require secure wipe (DoD 5220.22-M standard)?
Do you operate in jurisdictions with biometric data laws?
List applicable regulations (e.g., GDPR, CCPA, PIPEDA)
IP cameras and IoT devices expand the attack surface. We need network details to harden endpoints.
Network ownership
Corporate IT manages
Facilities manage
Third-party ISP
Hybrid
Have an existing network segmentation/VLAN policy?
Describe VLANs or firewall rules for cameras/ACS
Require 802.1X certificate-based authentication for cameras?
RADIUS server vendor
Need end-to-end TLS 1.3 encryption for video streams?
Provide your own PKI/CA?
Must devices be NIST SP 800-213 compliant?
Provide compliance deadline
Require vulnerability scanning and SBOM from vendor?
Frequency
Quarterly
Semi-annual
Annual
On-demand
Need SOC integration (SIEM, MITRE ATT&CK mapping)?
SIEM vendor
Define service-level expectations to align support resources and escalation paths.
Preferred support model
24/7 proactive monitoring
Business hours NBD
8x5 phone
On-demand
Need onsite spares (hot-swap cameras/readers)?
Percentage of devices to hold as spares
Maximum acceptable response time for P1 outage
<30 min
30–60 min
1–4 h
Next business day
Require preventive maintenance visits?
Frequency
Monthly
Quarterly
Semi-annual
Annual
Need remote firmware update service?
Allow staged rollout (pilot group first)?
Want quarterly security posture reviews?
Key metrics you want tracked
Transparent budget and timeline inputs help us prioritize solutions and financing options.
Budget range (total CAPEX)
Procurement preference
Capex purchase
Opex lease (3–5 yrs)
Security-as-a-Service monthly
Hybrid
Desired installation start date
Go-live deadline
Need phased rollout across multiple sites?
List site priority order and blackout periods
Require training for internal staff?
Number of operators to train
Expecting RFP/RFQ process?
RFP release date
Security solutions may need to satisfy local or industry-specific compliance regimes.
Applicable standards
ISO 27001
PCI DSS
SOC 2 Type II
GDPR
HIPAA
FISMA
PSI for CCTV
EN 62676
UL 294
NDAA Section 889
Other
Need third-party penetration test report?
Required test standard
OWASP Top 10
NIST SP 800-115
OSSTMM
PTES
Custom:
Require vendor to hold cyber-insurance?
Minimum coverage amount
Need manufacturer source-code escrow?
Trigger events for release
Upload floor plans, network diagrams, or policy documents to accelerate design accuracy.
Upload floor plan (DWG/PDF/JPG)
Upload existing CCTV layout (if any)
Upload network topology diagram
Any special requirements not covered above
I consent to the vendor processing my data for quotation purposes
I agree to receive product updates and security advisories
Analysis for Commercial Security & Surveillance Solutions Inquiry Form
Important Note: This analysis provides strategic insights to help you get the most from your form's submission data for powerful follow-up actions and better outcomes. Please remove this content before publishing the form to the public.
This inquiry form excels at translating a high-liability, technically-complex domain—commercial security & surveillance—into a structured, low-friction questionnaire. By sequencing questions from business context → risk → technology → compliance → procurement, it mirrors the mental model of a security manager who first justifies the need, then defines the spec, and finally secures budget and compliance sign-off. The liberal use of conditional follow-ups keeps the perceived length short while still capturing deep detail when needed. Mandatory fields are concentrated in early sections, allowing partial submissions to be qualified by sales teams even if the respondent abandons later tabs. Finally, every numeric or choice-based question includes measurement units or pick-list items that align with industry standards (m², AES-256, NIST SP 800-213), which reduces back-and-forth clarifications and signals vendor credibility.
From a data-quality perspective, the form is engineered for granular segmentation: industry vertical, threat profile, existing security layers, and budget range are all captured independently. This allows marketing automation to score leads with high precision and route high-value opportunities directly to senior engineers. Privacy considerations are front-loaded with explicit consent checkboxes and jurisdiction-specific biometric prompts, mitigating GDPR/CCPA liability. The optional file-upload section (floor plans, network diagrams) is strategically placed at the end so technical stakeholders can enhance the proposal without forcing non-technical users to drop out earlier.
Legal Entity Name is the cornerstone of contract formation and due-diligence checks. Capturing it up-front enables automatic business-registration lookup to confirm the prospect exists, is in good standing, and is not on any sanctions list—critical for a security vendor that may later hold facility keys or biometric data. The field is single-line text rather than a pick-list, accommodating global naming conventions and special characters, but the mandatory flag ensures downstream CPQ tools can generate legally binding quotes without manual re-keying. Because the form also collects trading names separately, the legal name remains pristine for invoicing and insurance underwriting, reducing payment delays.
Industry Vertical drives the entire threat model and compliance roadmap. By forcing a discrete choice (with an “Other” escape hatch), the vendor can instantly map the prospect to pre-built risk templates—e.g., Warehousing & Logistics triggers questions about perimeter intrusion and cargo theft, while Healthcare surfaces HIPAA retention rules. The conditional follow-up for “Other” prevents edge-cases from being misclassified, preserving data integrity. Making this mandatory eliminates the common sales cycle drag where solutions architects must schedule a discovery call just to learn the site is a cold-storage pharma depot with GDP compliance needs.
Full Address is more than a shipping location; it seeds GIS-based coverage calculations for wireless link budgets, patrol response times, and even local crime-index analytics. The field is open-text to accept international formats, but its mandatory status ensures the engineering team can perform a pre-sale RF survey without requesting additional information. Address geocoding also flags whether the site is in a jurisdiction with special requirements (e.g., German states with works-council consent for CCTV), feeding automatic compliance checklists.
Existing Security Layers is a multiple-choice question that doubles as a gap-analysis tool. By forcing at least one selection (mandatory), the vendor can benchmark the prospect’s maturity against industry baselines—selecting only “CCTV (analog)” and “24/7 manned guarding” indicates high labour cost and upgrade potential, while ticking “Cybersecurity SOC” suggests a sophisticated buyer who will scrutinise network hardening. The inclusion of “None” prevents false positives for green-field sites, ensuring pipeline reporting accurately reflects upsell opportunity size.
Minimum Retention Period is captured as a numeric field in days, aligning with most VMS licensing metrics and local statutes (e.g., 30 days in Singapore, 90 days for UK ASIS). Making this mandatory forces the prospect to confront storage costs early, avoiding scope-creep later when terabytes of NAS are added to the quote. The answer also triggers automated RAID-level and bandwidth sizing, so engineers can append accurate cloud-backup costs to the proposal without a second discovery pass.
Budget Range is requested as an open-ended currency field, allowing global prospects to enter USD, EUR, SGD, etc. Its mandatory status prevents the dreaded “no budget” leads that clog CRM pipelines. Because the field is free-text rather than a pick-list, large prospects can indicate multi-million-dollar figures that qualify them for enterprise-grade SLAs and on-site escrow services, while smaller entries route to packaged SaaS offerings. Coupled with the Procurement Preference question, the vendor can immediately propose OpEx leases or Security-as-a-Service models if Capex is constrained.
Mandatory Question Analysis for Commercial Security & Surveillance Solutions Inquiry Form
Important Note: This analysis provides strategic insights to help you get the most from your form's submission data for powerful follow-up actions and better outcomes. Please remove this content before publishing the form to the public.
Question: Legal entity name
Justification: This field is mandatory because the legal entity name underpins every downstream contractual, compliance, and insurance document. Without it, the vendor cannot perform sanction-screening, credit checks, or generate a binding quotation, all of which are prerequisites in a high-liability industry where mistaken identity can void coverage.
Question: Industry vertical
Justification: Industry vertical is essential for threat-model templating and regulatory mapping. A mandatory selection ensures the vendor applies the correct baseline (e.g., PCI-DSS for retail, HIPAA for healthcare) from the first interaction, eliminating costly re-engineering later and demonstrating domain expertise to the prospect.
Question: Full address of primary site
Justification: The full address is mandatory to enable RF planning, crime-index analytics, and jurisdiction-specific compliance checks. Accurate geolocation also feeds into SLA calculations for response times, ensuring the proposal’s service commitments are realistic and legally binding.
Question: Number of locations to be covered
Justification: This mandatory field directly affects licensing costs, deployment methodology, and discount tiers. It prevents under-scoped proposals that would otherwise require painful price revisions after commercial terms have been informally agreed.
Question: Primary contact full name
Justification: A mandatory contact name is required for audit trails, access-control credentialing, and emergency escalation. In security installations, the named individual may later be required to sign facility key-holder agreements, so capturing the correct person at inquiry stage avoids legal gaps.
Question: Job title
Justification: Job title is mandatory to gauge authority level and align communications appropriately. A CISO requires technical deep-dives and ROI models, whereas a Facilities Manager needs maintenance SLAs and power-consumption specs, influencing the entire sales motion.
Question: Business email
Justification: Business email is the primary channel for sending NDAs, compliance certificates, and CAD-ready drawings. Making it mandatory ensures the vendor can deliver time-sensitive security advisories and patch notifications, fulfilling post-sale duty-of-care obligations.
Question: Direct phone with country code
Justification: A direct phone number is mandatory for emergency outage escalations and pre-installation logistics. Security systems often require after-hours access coordination; without a real-time contact, deployment teams risk failed site visits that inflate project costs.
Question: Existing security layers
Justification: This mandatory multi-select question benchmarks current maturity and identifies cross-sell opportunities. It prevents engineers from proposing redundant systems and ensures the quote reflects integration effort with legacy infrastructure, which materially affects margin and timeline.
Question: Primary threats of concern
Justification: By forcing at least one threat selection, the vendor can align camera placement, analytics rules, and access-control policies to actual business risk rather than generic templates, thereby increasing win probability and customer trust.
Question: Operational hours
Justification: Operational hours are mandatory to calibrate staffing models, alert escalation matrices, and bandwidth for off-site backups. A 24/7 facility needs redundant hot-spares and immediate response SLAs, whereas a day-shift-only site can use lower-cost business-hours support.
Question: Maximum acceptable downtime for critical cameras
Justification: This mandatory field drives redundancy architecture and warranty level. Zero-downtime sites require edge recording, failover servers, and premium SLAs, all of which must be priced into the initial quote to avoid margin erosion.
Question: Risk tolerance
Justification: A mandatory 1–5 risk-tolerance scale ensures the proposed solution aligns with organisational culture. Risk-averse buyers receive conservative, compliance-heavy designs, while risk-neutral ones can be offered innovative, cost-optimized configurations.
Question: Minimum video retention period required (days)
Justification: Retention period is mandatory for storage sizing, RAID selection, and cloud-backup costs. Underestimating retention can breach legal statutes and invalidate evidence, so capturing this early is non-negotiable for a compliant proposal.
Question: Network ownership
Justification: Mandatory network ownership clarifies who controls VLANs, firewalls, and certificate authorities. This dictates whether the vendor must supply out-of-band cellular, coordinate with internal IT, or obtain third-party ISP approvals—critical path items for project scheduling.
Question: Preferred support model
Justification: Support model is mandatory to assign the correct cost tier and engineer skill level. 24/7 proactive monitoring requires SOC staffing and encrypted SIM cards, whereas on-demand support uses shared resources, directly impacting gross margin and resource planning.
Question: Maximum acceptable response time for P1 outage
Justification: A mandatory response-time selection underpins SLA penalties and spare-parts stocking locations. Sub-30-minute commitments require local field engineers and consignment inventory, which must be reflected in pricing and contractual terms.
Question: Budget range (total CAPEX)
Justification: Budget is mandatory to prevent unqualified leads from consuming pre-sales engineering hours. It also triggers financing options—lease, SaaS, or purchase—and determines whether the deal qualifies for enterprise-level risk management or standard terms.
Question: Procurement preference
Justification: This mandatory field aligns quotation templates with accounting treatment. Capex purchases need depreciation schedules and title transfer clauses, while opex leases require residual-value calculations and early-termination language, all of which must be correct at first submission.
Question: Desired installation start date
Justification: A mandatory start date enables resource levelling across multiple projects. It also flags conflicting commitments and public-holiday blackout periods, ensuring the vendor can honour contractual go-live dates and avoid penalty clauses.
Question: Go-live deadline
Justification: The go-live deadline is mandatory for critical-path planning, long-lead component ordering, and customs clearance where applicable. Missing this date can trigger liquidated damages, so capturing it up-front is essential for risk management.
Question: I consent to the vendor processing my data for quotation purposes
Justification: This mandatory checkbox fulfils GDPR Article 6(1)(a) and similar privacy statutes. Without explicit consent, the vendor cannot lawfully store personal data for follow-up marketing or store biometric specifications, exposing both parties to regulatory penalties.
The form strikes an aggressive but defensible mandatory-field posture: 22 out of ~60 fields are required. While this risks a 15–20% abandonment rate, the strategy is rational for a high-liability B2B sale where engineering cost per lead is high. To optimise completion without sacrificing data quality, consider making budget and go-live fields conditionally mandatory only after the prospect selects “RFP/RFQ process = No,” thereby reducing friction for early-stage researchers while preserving rigour for active buyers. Additionally, introduce a progress bar and save-resume functionality so partial submissions can be recovered, mitigating the downside of the current mandatory density.
To configure an element, select it on the form.