BLACKSHIELD

Public Guide

How to Answer Security Reviews About BlackShield

Answer buyer questionnaires by pointing to concrete BlackShield controls: identity setup, API key governance, audit exports, compliance evidence, and tenant self-service deletion.

Audience: Security buyers, procurement teams, legal reviewers, and revenue teams supporting due diligence.

Typical setup time: 15-20 minutes.

Before You Begin

  • Collect the latest questionnaire or procurement checklist from the buyer.
  • Confirm whether legal review is required before any answer packet is shared externally.
  • Prepare direct references to `/identity`, `/audit`, `/compliance`, and `/tenant-rights`.

Step-by-step

Step 1

Answer access-control questions with the identity and key surfaces

When a buyer asks how access is controlled, answer with the product surfaces that implement it.

  • Use `/identity` to show OIDC configuration, provider validation, group-to-role mapping, SCIM token rotation, and identity audit.
  • Use `/api-keys` to show that keys are issued, listed, and revoked from the tenant workspace.
  • Use the role model to explain which actions require tenant-admin privileges and which are read-only for members or viewers.

Step 2

Answer evidence and accountability questions with exportable records

If the buyer asks for proof, use the product features that export it.

  • Use `/audit` to filter events by action, actor, and time range, then export CSV or JSON evidence.
  • Use `/compliance` to show benchmark heatmaps, control drill-down, and control-coverage export.
  • Use `/reports` when the buyer wants scheduled or executive-facing exports instead of an interactive view.

Step 3

Answer data-rights and offboarding questions with the real workflow

Do not answer deletion or offboarding questions abstractly when the product has a specific tenant-admin flow.

  • Use `/tenant-rights` to show the tenant summary, user roster, deletion confirmation phrase, and irreversible acknowledgement step.
  • Explain that tenant deletion removes users, findings, API keys, alert-sync state, audit logs, ingestion jobs, and the company record for the current workspace.
  • Call out any remaining legal or contractual questions separately instead of hiding them inside technical answers.

Success Checks

  • All material buyer questions are answered with specific product controls or exports, not generic prose.
  • The response pack points to real BlackShield screens and docs that the next reviewer can verify.