"so since our organization's annual spend with your company is now over a certain amount, you are classified as a 'critical' vendor to us, and we need you to fill out this security survey, or we can also accept a third party audit report like a SOC 2 or ISO 27001, do you have an audit?"
Bartender: "erm"