How do you respond to questionaire by big corp on cloud practices
Things like:
1) SDLC policy
2) incidence response plan
3)security policy document(s)
First step is you actually _have_ those policies, if not create them. Following is you prove that you have them via something like a SOC2 audit.