Techniques are disclosed for usage-tracking of various information security (InfoSec) entities for tenants/organization onboarded on an instant multi-tenant security assurance platform. The InfoSec entities include policies, procedures, controls and evidence tasks. A policy or procedure is enforced by implementing one or more controls, and the collection of one or more evidence tasks proves/verifies the implementation of a control. The InfoSec entities are linked to each other across the platform and accrue a number of benefits for the tenants. These include efficiently generating a security questionnaire response (SQR), measuring readiness via a readiness project for an audit project, sharing InfoSec entities across the various products of a tenant organization, risk assessment, automatic collection of evidence tasks, among others.