
Spend Less Time Responding to Security Questionnaires


Security Assessments, Security Questionnaires, Vendor Assessments, Technical RFPs – whatever you call them – are unavoidable in the world of SaaS and are a pain to complete. They are also a big part of closing new opportunities and of maintaining or upselling existing accounts. What many people don't realize is that the response process can be made less painful and, dare we say, fun. There are resources available that make responding to these Security Questionnaires more efficient.



Standardized Vendor Assessments

You've probably heard of standardized vendor assessments. They are becoming more popular for assessing Security and Compliance because they save time for both vendors and customers: a standardized questionnaire covers a broad spectrum of Security topics that your clients are likely to ask about, and an answer you write once can be reused. So why reinvent the wheel when an existing one will do? Let's look at the top 3:


VSAQ

VSAQ stands for Vendor Security Assessment Questionnaire. It's a set of self-assessment Security questions developed by Google to evaluate "multiple aspects of a vendor's security and privacy posture." Since Google released the VSAQ framework as open source early last year, many companies have started using it to assess their vendors.


CAIQ

The Consensus Assessments Initiative Questionnaire (CAIQ) was developed by the Cloud Security Alliance to provide "industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings, providing security control transparency." The document contains roughly 300 questions across 16 control domains, mapped to the CSA Cloud Controls Matrix.


SIG and SIG Lite

SIG and SIG Lite – the Standardized Information Gathering Questionnaires – contain industry-standard questions developed by Shared Assessments. Of the three standardized frameworks, SIG is the most comprehensive: the full SIG contains over 1,500 questions, and even the "Lite" version, geared towards vendors offering lower-risk services, contains hundreds of questions.


1,500 questions is a lot. But if you answer every question in the SIG, you will have an in-depth view of what most customers are concerned about when it comes to Security.


But if you want to start a bit smaller, we’ve got you covered. Being a SaaS company, we’re all too familiar with Security Questionnaires and have responded to a fair share of them.


Check out the infographic below summarizing the categories of questions that we often see across Security Questionnaires.

[Infographic: Common Categories In Security Questionnaires]


Common categories we typically see:

Human Resources
Policies
Physical Security
Security Infrastructure
Business Continuity

Our goal is to make your life simpler. So, here is a handy template to access these questions and more. Download it to get your Library started!


The answers to these questions will form the base of your security content library. Having a searchable Library makes this content reusable, so you and your team can leverage it for the next Security Questionnaire that comes in through the door!
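To make the "searchable Library" concrete, here is a small example added to this post (it is not a tool from the original article or from any questionnaire vendor). It builds a library of reusable answers keyed by the five categories above, then matches incoming questionnaire items against it by token overlap and flags anything that does not match well enough as a gap needing a fresh answer. The library entries, the incoming questions, the stopword list and the 0.2 threshold are all constructed for the example.

```python
"""Searchable answer library for security questionnaires (added example).

A tiny library of reusable answers plus a token-overlap matcher. The
entries below are constructed sample data, not real vendor responses.
"""
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Words that carry no meaning for matching questionnaire items (constructed list).
STOPWORDS = {
    "a", "an", "and", "any", "are", "as", "at", "by", "do", "does", "for",
    "has", "have", "in", "is", "of", "on", "or", "such", "that", "the",
    "there", "to", "with", "you", "your",
}


@dataclass(frozen=True)
class LibraryEntry:
    category: str
    question: str
    answer: str
    last_reviewed: str  # ISO date; stale answers are how wrong responses get sent


# Constructed sample library, one entry per category named in the post.
LIBRARY: List[LibraryEntry] = [
    LibraryEntry("Human Resources",
                 "Do you perform background checks on new employees before granting system access?",
                 "Yes. Background checks are completed before an account is provisioned.",
                 "2017-01-15"),
    LibraryEntry("Policies",
                 "Is there a written information security policy that is reviewed at least annually?",
                 "Yes. The policy is owned by the CISO and reviewed every 12 months.",
                 "2017-02-01"),
    LibraryEntry("Physical Security",
                 "Are data centers protected by physical access controls such as badge readers and CCTV?",
                 "Yes. Hosting is in SOC 2 audited facilities with badge access and CCTV.",
                 "2016-11-20"),
    LibraryEntry("Security Infrastructure",
                 "Is customer data encrypted in transit and at rest?",
                 "Yes. TLS 1.2+ in transit, AES-256 at rest.",
                 "2017-03-10"),
    LibraryEntry("Business Continuity",
                 "Do you maintain and regularly test a business continuity and disaster recovery plan?",
                 "Yes. The BC/DR plan is exercised twice a year.",
                 "2016-12-05"),
]


def tokenize(text: str) -> FrozenSet[str]:
    """Lower-case, split on non-alphanumerics, drop stopwords."""
    return frozenset(t for t in re.findall(r"[a-z0-9]+", text.lower())
                     if t not in STOPWORDS)


def jaccard(a: FrozenSet[str], b: FrozenSet[str]) -> float:
    """Set-overlap similarity in [0, 1]; 0 for two empty sets."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def best_match(question: str, library: List[LibraryEntry] = LIBRARY,
               threshold: float = 0.2) -> Optional[Tuple[LibraryEntry, float]]:
    """Closest stored entry and its score, or None if nothing clears the threshold.

    Returning None (instead of the weak best hit) is the important edge case:
    pasting a loosely related answer is worse than writing a new one.
    """
    q = tokenize(question)
    entry = max(library, key=lambda e: jaccard(q, tokenize(e.question)))
    score = jaccard(q, tokenize(entry.question))
    if score < threshold:
        return None
    return entry, score


def triage(questions: List[str], library: List[LibraryEntry] = LIBRARY,
           threshold: float = 0.2) -> Tuple[Dict[str, Tuple[LibraryEntry, float]], List[str]]:
    """Split an incoming questionnaire into reusable hits and gaps needing a fresh answer."""
    hits: Dict[str, Tuple[LibraryEntry, float]] = {}
    gaps: List[str] = []
    for q in questions:
        match = best_match(q, library, threshold)
        if match is None:
            gaps.append(q)
        else:
            hits[q] = match
    return hits, gaps


# Constructed incoming questionnaire; the bug bounty item is deliberately not in the library.
INCOMING = [
    "Does your organization run background checks on all employees?",
    "Is data encrypted at rest and in transit?",
    "Do you have a bug bounty program?",
    "Describe your disaster recovery plan testing.",
]

if __name__ == "__main__":
    found, missing = triage(INCOMING)
    for q, (entry, score) in found.items():
        print(f"{score:.2f}  [{entry.category}] {q}\n      -> {entry.answer} (reviewed {entry.last_reviewed})")
    for q in missing:
        print(f"GAP   {q}")
```

Token overlap is deliberately simple; a real library would add stemming or embeddings so that "testing" matches "test". The two things worth keeping whatever the matcher is: a threshold below which the tool refuses to suggest an answer, and a last-reviewed date on every entry so stale answers are re-checked before they go out.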

