Public Guide

How to Answer Security Reviews About BlackShield

Answer buyer questionnaires by pointing to concrete BlackShield controls: identity setup, API key governance, audit exports, compliance evidence, and tenant self-service deletion. Audience: Security buyers, procurement teams, legal reviewers, and revenue teams supporting due diligence. Typical setup time: 15-20 minutes.

Before You Begin

  • Collect the latest questionnaire or procurement checklist from the buyer.
  • Confirm whether legal review is required before any answer packet is shared externally.
  • Prepare direct references to `/identity`, `/audit`, `/compliance`, and `/tenant-rights`.

Guide walkthrough

Step 1

Answer access-control questions with the identity and key surfaces

When a buyer asks how access is controlled, answer with the product surfaces that implement it.

  • Use `/identity` to show OIDC configuration, provider validation, group-to-role mapping, SCIM token rotation, and identity audit.
  • Use `/api-keys` to show that keys are issued, listed, and revoked from the tenant workspace.
  • Use the role model to explain which actions require tenant-admin privileges and which are read-only for members or viewers.

Step 2

Answer evidence and accountability questions with exportable records

If the buyer asks for proof, use the product features that export it.

  • Use `/audit` to filter events by action, actor, and time range, then export CSV or JSON evidence.
  • Use `/compliance` to show benchmark heatmaps, control drill-down, and control-coverage export.
  • Use `/reports` when the buyer wants scheduled or executive-facing exports instead of an interactive view.

Step 3

Answer data-rights and offboarding questions with the real workflow

Do not answer deletion or offboarding questions abstractly when the product has a specific tenant-admin flow.

  • Use `/tenant-rights` to show the tenant summary, user roster, deletion confirmation phrase, and irreversible acknowledgement step.
  • Explain that tenant deletion removes users, findings, API keys, alert-sync state, audit logs, ingestion jobs, and the company record for the current workspace.
  • Call out any remaining legal or contractual questions separately instead of hiding them inside technical answers.

What success looks like

  • All material buyer questions are answered with specific product controls or exports, not generic prose.
  • The response pack points to real BlackShield screens and docs that the next reviewer can verify.