FREE TOOL
Upload a carrier questionnaire. Get a structured action plan.
Drop any carrier PDF, paste the text, or forward the email. BindLedger maps every question to controls and tells you what can be auto-verified, what needs MSP evidence, and what needs client attestation.
How BindLedger's Carrier Decoder works
Carrier questionnaires—also called supplements or applications—are the standard document that insurers use to evaluate your cyber risk before issuing a policy or at renewal. A typical carrier questionnaire contains dozens of security questions spanning email configuration, identity and access controls, endpoint detection, backup strategy, and incident response.
The Carrier Decoder automates the extraction and classification of these questions. Instead of reading through a 20-page PDF line by line, it extracts each question, normalizes it to a standard control category, identifies which team should answer it (MSP, broker, or insured), and determines what evidence is needed to satisfy the requirement.
Without a parser, your team spends 4–6 hours manually reading, re-reading, and routing questions to the right people. With the Carrier Decoder, that process takes 90 seconds.
How it works
Parse
Upload your carrier questionnaire or paste the text directly. We extract every question and break down what's being asked.
Triage
BindLedger maps each question to your security controls and classifies what you can auto-verify, what needs evidence, and what needs attestation.
Act
Assign owners (broker, MSP, client), share results with your team, and activate your workspace to start gathering evidence.
Decoded the supplement? Compare the renewal too.
Use Renewal Delta to compare the expiring and renewal declarations pages side by side after you finish parsing the questionnaire.
Compare your renewal →Email forwarding — coming soon
We're building email ingestion so you can forward questionnaires directly and get a structured action plan back.
For now, upload the PDF or paste the text above. Same results, same accuracy. After parsing, browse evidence templates and underwriting answers to guide your response.
How the Carrier Decoder maps questions to security controls
Carrier questionnaires vary widely in wording, structure, and depth. BindLedger normalizes all these variations by mapping each question to a standard security control. This gives your team a consistent language across renewals, carriers, and tools.
Here are the primary control categories that every carrier questionnaire touches on:
Email authentication
SPF, DKIM, DMARC configuration. Carriers ask about enforcement policies (monitor, quarantine, reject) and whether exceptions are logged and reviewed.
MFA and identity access management
Multi-factor authentication for remote access, admin consoles, and sensitive systems. Questions about authentication methods (push, TOTP, hardware tokens) and scope of enforcement. See guides for Okta and Microsoft Entra.
Endpoint detection and response
EDR deployment across laptops, desktops, and servers. Carriers verify coverage, alert response procedures, and integration with security operations.
Patch management and vulnerability scanning
Frequency of patching cycles. Automated vs. manual deployment. Vulnerability scanning tools and remediation timelines for critical and high-severity findings.
Backup isolation, immutability, and restore testing
Backup architecture (on-site, cloud, hybrid). Whether backups are immutable or air-gapped to prevent ransomware destruction. Frequency of restore testing. See our Veeam backup guide.
Privileged access management
Control of admin accounts, service accounts, and shared credentials. Session recording, approval workflows, and separation of duties.
Security awareness training
Annual or recurring training for all staff. Phishing simulations. Testing and attestation of completion. Coverage for third-party contractors and vendors.
Wire transfer and payment verification
Multi-person approval for payment requests. Out-of-band verification before wire transfers. Limits on single-person transaction amounts.
Incident response planning
Written incident response plan. Defined roles, escalation procedures, and communication protocols. Regular testing and updates.
Business continuity and disaster recovery
Recovery time objectives (RTOs) and recovery point objectives (RPOs). Business continuity plan testing. Documented procedures for critical services.
Who should answer each type of carrier question
Not every question goes to the same person. Carrier questionnaires are split across three owners—broker, MSP/vendor, and insured—based on who has the information and authority to answer truthfully.
Broker-owned questions
Coverage scope, policy limits, retention, deductibles, and policy structure. The broker knows the policy details and what the insurer is willing to cover. These questions are routed to the broker immediately.
MSP/vendor-owned questions
Technical evidence and system configurations. EDR deployment reports, MFA conditional access policies, email authentication DNS records, backup configurations, vulnerability scan results, and patch schedules. The MSP or internal IT team owns the evidence exports and configuration screenshots.
Client/insured attestations
Employee training completion, payment approval procedures, incident response plan approval, and written policies. Questions about business practices and governance typically require attestation from the insured, not just evidence. A training report is evidence; a signed statement that training is required is attestation.
Shared review questions
Questions that cross boundaries require multiple owners. For example, "Do all users have MFA?" requires MSP to export conditional access policies AND the client to attest that the MSP's scope covers all users in scope for the policy. BindLedger flags these for coordinated response.
Example carrier questions and how the Carrier Decoder classifies them
Below are real-world carrier questions mapped to controls, evidence type, owner, and whether the answer can be auto-verified from structured data exports.
| Carrier question | Control | Evidence type | Owner | Auto-verified |
|---|---|---|---|---|
| Do you enforce DMARC at quarantine or reject? | Email auth | DNS record | MSP | Yes |
| Is MFA required for all remote access? | MFA/IAM | Conditional access policy | MSP | No |
| Are backups stored immutable or air-gapped? | Backup/recovery | Backup config screenshot | MSP | No |
| Do you provide annual security awareness training? | Security training | Training completion report | Client | No |
| Do you have a written incident response plan? | Incident response | IRP document | Client | No |
| Is EDR deployed on all endpoints including servers? | EDR | EDR coverage report | MSP | No |
Frequently asked questions
What file formats does the Carrier Decoder accept?
The Carrier Decoder accepts PDF, DOCX, and plain text. You can upload a PDF questionnaire directly, copy and paste text from any carrier form, or paste the full email body if it contains the questions. Email forwarding is coming soon—you'll be able to forward renewal notices directly to BindLedger and get a parsed action plan back automatically.
Does it work with any carrier's questionnaire?
Yes. The Carrier Decoder is carrier-agnostic. Whether the questions come from Coalition, Travelers, Hartford, Chubb, Munich Re, or any other cyber insurance carrier, the parser normalizes them to the same control taxonomy. This means you can compare questions across carriers, identify control gaps once, and satisfy evidence requirements across multiple renewals simultaneously.
Can evidence collected for one carrier transfer to another?
Yes. Because BindLedger normalizes questions to control-level requirements, evidence is portable across carriers. If you collected a DMARC DNS record export to answer Coalition's question, that same evidence satisfies Hartford's email authentication question. You document the control once and reuse it across all renewals.
What happens with questions the parser can't classify?
Questions that don't fit into a standard control category are flagged for manual review. BindLedger suggests categories based on the question content, but your team has the final say. This ensures no question gets lost and allows us to improve the parser over time.
Is my questionnaire data stored?
For the free Carrier Decoder tool, your questionnaire text is processed in real-time and not stored permanently. If you activate your BindLedger workspace to assign owners and gather evidence, that parsed structure is stored securely so your team can collaborate. All data is encrypted in transit and at rest.
Built for every role in the renewal chain
Brokers
Triage carrier forms across your book. See which clients need evidence, which are renewal-ready, and where the gaps are.
How brokers use BindLedger →MSPs
Know which questions are yours. Upload evidence once and reuse it across carriers and renewals.
How MSPs use BindLedger →Agency Ops
Route supplements to the right team in seconds. Clear owner assignments, scannable vs. manual split, deadline tracking.
How agency teams use BindLedger →