Incoming Questionnaires
Overview
Incoming questionnaires are security assessments that your organization receives from customers, partners, or regulatory bodies. These questionnaires evaluate your security posture, compliance status, and risk management practices. The AskInfosec Security Questionnaire Automation platform streamlines the process of responding to these questionnaires, saving time and ensuring accurate, consistent responses.
Workflow
The typical workflow for handling incoming questionnaires consists of the following steps:
Upload - Import the questionnaire document into the system
Map - Identify and categorize questions within the document
Assign - Distribute questions to appropriate team members
Respond - Answer questions manually or with AI assistance
Review - Verify the accuracy and completeness of responses
Submit - Finalize and deliver the completed questionnaire
Uploading a Questionnaire
Supported File Formats
The platform supports the following file formats for questionnaire uploads:
Excel (.xlsx)
CSV (.csv)
Upload Process
Navigate to the Questionnaires section in the main navigation
Click the Add Questionnaire button
Select Incoming as the questionnaire type
Fill in the basic information:
Questionnaire Name - Provide a descriptive name (e.g., "Customer X TPISA 2023")
Due Date (optional) - Set a deadline for completion
Scope - Select "Incoming" from the scope dropdown
Collaborators - Add team members who will help complete the questionnaire
Click Next to proceed to the file upload step
Upload your questionnaire file by dragging and dropping or using the browse button
Click Next to proceed to the mapping step
Mapping Questions
The mapping process helps the system identify and categorize questions within your uploaded document.
Worksheet Selection
If your Excel file contains multiple worksheets, you'll need to select which ones to process:
Review the list of available worksheets
Select the worksheets containing questions to be processed
Click Next to proceed to column mapping
Column Mapping
Map the columns in your document to the appropriate question attributes:
Identify the column containing the question text and map it to Question
Map additional columns as needed:
Question ID - Unique identifier for each question
Answer Detail - Column for detailed responses
Yes/No/NA - Columns for compliance responses
Question Preview
After mapping, you'll see a preview of the identified questions:
Review the extracted questions to ensure they are correctly identified
Make adjustments to the mapping if necessary
Click Next to proceed to the final review
Final Review
Review the questionnaire details before submission:
Verify the questionnaire name and due date
Confirm the number of questions extracted
Check the column mappings
Click Submit to finalize the upload
Responding to Questions
Once your questionnaire is uploaded, you can begin answering the questions.
Manual Responses
To answer questions manually:
Navigate to the questionnaire details page
Click on a question to open the response editor
Enter your response in the answer field
Add supporting evidence if required
Save your response
AI-Assisted Responses
The platform offers AI assistance to help generate responses:
Select a question or use the batch processing feature to select multiple questions
Click the Ask AI button
Review the AI-generated response
Edit the response if necessary
Click Accept to save the response
Batch Processing
To process multiple questions simultaneously:
From the questionnaire details page, click Batch Process
Select the questions you want to process
Click Generate Answers
Review the generated answers
Make any necessary edits
Click Accept All to save the responses
Adding Evidence
Supporting evidence strengthens your questionnaire responses and provides validation for your security claims.
Types of Evidence
The platform supports various types of evidence:
Policy documents
Procedure documentation
Screenshots
Certificates
Audit reports
Linking Evidence
To link evidence to a question:
Open the question response editor
Click the Add Evidence button
Select from existing documents or upload a new file
Add a description explaining how the evidence supports your response
Click Save to link the evidence
Collaboration
The platform facilitates collaboration among team members to efficiently complete questionnaires.
Assigning Questions
To assign questions to team members:
From the questionnaire details page, select one or more questions
Click the Assign button
Select the team member from the dropdown
Add optional notes or instructions
Click Assign to notify the team member
Tracking Progress
Monitor the completion status of your questionnaire:
View the questionnaire dashboard to see overall progress
Filter questions by status (Not Started, In Progress, Completed)
Sort questions by assignee to check individual progress
Set up email notifications for approaching deadlines
Finalizing and Submitting
Once all questions have been answered and reviewed, you can finalize the questionnaire.
Review Process
Before submission, conduct a thorough review:
Check for unanswered questions
Verify that all responses are accurate and complete
Ensure all required evidence is attached
Review for consistency across responses
Exporting the Questionnaire
To export the completed questionnaire:
From the questionnaire details page, click Export
Select the export format (Excel, CSV, PDF)
Choose export options (include evidence links, comments, etc.)
Click Download to save the file
Changing Status
Update the questionnaire status to reflect its current state:
From the questionnaire details page, click the status dropdown
Select the appropriate status:
In Progress - Still being worked on
Under Review - Awaiting final approval
Completed - Ready for submission
Submitted - Sent to the requesting organization
Add optional notes about the status change
Click Update to save the new status
Best Practices
Organization
Use a consistent naming convention for questionnaires
Set realistic due dates with buffer time for review
Assign questions based on team members' expertise
Response Quality
Provide specific, detailed answers rather than generic responses
Include references to specific controls and policies
Ensure responses align with your organization's security documentation
Efficiency
Leverage AI-generated responses for common questions
Reuse responses from previous questionnaires when appropriate
Build a knowledge base of standard responses for recurring questions
Evidence Management
Maintain an up-to-date library of evidence documents
Use descriptive filenames for evidence documents
Ensure evidence directly supports the claims in your responses
Troubleshooting
Upload Issues
File Not Recognized: Ensure your file is in a supported format (.xlsx or .csv)
Mapping Errors: Check that column headers are clearly defined in your document
Large Files: For files over 10MB, try splitting into multiple documents
Response Problems
AI Not Generating Responses: Verify that your knowledge base is properly configured
Missing Evidence: Check that referenced documents are uploaded to the system
Collaboration Conflicts: Use the comment feature to resolve conflicting responses
Conclusion
The Incoming Questionnaires module of the Security Questionnaire Automation platform transforms a traditionally time-consuming process into an efficient, collaborative workflow. By leveraging AI assistance, team collaboration, and evidence management, your organization can respond to security questionnaires more quickly and with greater accuracy.
Remember that the quality of your responses directly impacts how your security posture is perceived by customers and partners. Take advantage of the platform's features to present your security program in the best possible light while maintaining honesty and transparency.
Last updated