A brokerage may have many useful security practices in place and still struggle to locate the supporting record during renewal. The operational problem is usually not one missing document. It is that screenshots, policies, training records, vendor notes, and ownership details live in different places.
An evidence list helps the team separate what is already documented, what needs an update, and what requires help from an IT provider, broker, carrier, or another qualified professional.
Build a record around the topics your team can maintain.
The exact questions and requested materials vary. Use this as an internal preparation list, then follow the instructions provided by your broker or carrier.
Multi-factor authentication
Record where MFA is enabled for email, administrative accounts, transaction tools, and other important systems.
Backups and recovery
Keep the latest backup status and any available restore-test record or provider confirmation.
Training and acknowledgment
Maintain completion records for security and wire-verification awareness.
Administrative access
Keep a current list or review record for people with elevated access.
Vendors and data access
Document important service providers, the access they receive, and the internal owner.
Policies and response contacts
Keep current access, password, AI usage, wire-verification, and response documents together.
A calm renewal-preparation sequence.
- 01
Collect the current questionnaire
Use the actual broker or carrier request as the source for what is required.
- 02
Name an owner for every topic
Assign the person who can answer, locate the record, or coordinate with a provider.
- 03
Link the supporting record
For each answer, point to the policy, screenshot, report, acknowledgment, or provider note that supports it.
- 04
Mark gaps without guessing
Separate missing, stale, and provider-owned items instead of overstating what is in place.
- 05
Review with the right professionals
Use the organized record to support conversations with your broker, carrier, IT provider, and other advisors.
This guide provides documentation support. It does not predict eligibility, coverage, pricing, or a carrier decision. Carriers and brokers use their own questions and processes. Follow their current instructions and review material answers with qualified professionals.
- 01
Federal Trade Commission: Cybersecurity for Small Business. General guidance covering access, MFA, vendors, and incident planning.
- 02
Federal Trade Commission: Start with Security: A Guide for Business. Practical lessons on data minimization, access, authentication, service providers, and keeping security current.
- 03
National Institute of Standards and Technology: Cybersecurity Framework. A voluntary framework for organizing cybersecurity outcomes and communicating risk.
- 04
Cybersecurity and Infrastructure Security Agency: Cyber Essentials. Practical starting points for leaders building an organizational security program.
Published July 13, 2026. Last reviewed July 13, 2026.