▲ 6 r/grc
Looking for a bit of guidance on FedRAMP moderate Pentest
I need to get an outside company to conduct a pentest on my company's web application sitting in GCP. I've been going through the documentation (and finding out how much is actually outdated) and I saw in the penetration testing guidelines doc version 4 that a red team assessment is now a requirement. My question is, if my app is in Google's cloud, do I need to have my entire organization red teamed and penetration tested even if none of the app sits at my site?
u/macr6 — 7 days ago