In regards to encryption, what length encryption key are you using with the SymmetricAlgorithm (ie. 128-bit, 256-bit, etc.)?
We use SHA256 with RSA.
Can you confirm the TLS 1.2 is leveraged for https / port 443 traffic?
Yes.
How do you dispose of data?
Except for the above temporary encrypted data store, any CRM data is retrieved from the active CRM for review in the P&M review screens, using the relevant UniqueId (GUID)