Episode Description
Security questionnaires are not the finish line. They are the opening move in a negotiation, and saying “yes” to everything can create a bigger problem than admitting what is still in progress.
In this episode of Get NIST-y, the cybersecurity and compliance podcast from Blacksmith InfoSec, Jared and Michael talk about turning evidence collection into a recurring habit instead of a Friday afternoon panic spiral.
Takeaways:
- Treat customer security questionnaires like a negotiation, not a checkbox confession booth
- User audits should follow your policy, but monthly identity provider (IdP) reviews can catch offboarding misses and billing weirdness
- Screenshots are not evidence if the underlying work is fake
- Backup “success” logs are not enough if you never test whether restoration actually works
We answer:
- What evidence should an MSP collect regularly so client questionnaires stop becoming fire drills?
- How much evidence is enough before the MSP becomes a full-time document janitor?
- What should small businesses keep when changing vendors so old proof does not disappear?
Make sure to follow the podcast or ask your own questions at: