A list of applications lists all the software applications used within the system to operate as intended.  This list may include server software, backend applications, desktop applications, and even supporting software that operates “behind the scenes”.

They want an application list so that they can assess the likelihood that their data will be properly handled and protected.  Some applications may have vulnerabilities or know weaknesses.  Also, some applications have known weaknesses or limitations that may call into question the ability to keep data protected.

They expect a list of all applications, including the application name and version number.

Every application needs a name that it is referred to as, whether it be for internal or external use.  Naming an application and setting boundaries as to what is part of that application and what that application is connected to is an important part of setting boundaries and assigning responsibilities.

The organization asking for the application name is simply looking for a way to refer to the application in paperwork, contracts, the security questionnaire, and in other communications.

The organization is looking for an established name of the application that they can use in documents and communications so that both your organization and theirs will understand what is being referred to in these communications. Version numbers may be applicable to include in the name, if there are major changes between application versions. If there are major changes, then the major version should be updated.  Minor version numbers may not need to be referred to in business documents, but are likely needed in technical documents exchanged as there may be impactful technical differences between minor versions.