Security Questionnaires
Overview
The Security Questionnaire module helps you respond to customer security assessments quickly and consistently. Use AI-assisted answers, maintain an answer library, and collaborate with your team.
The Challenge
Security questionnaires are time-consuming:
- Repetitive - Same questions across different formats
- Inconsistent - Different people give different answers
- Time-Consuming - Hours or days per questionnaire
- Scattered - Information spread across teams
The Solution
Bastion streamlines questionnaire responses:
- AI Assistance - Suggested answers based on your security posture
- Answer Library - Reuse verified answers
- Collaboration - Team-based response workflow
- Multiple Formats - Import and export various formats
Questionnaire Workflow
Import
Upload the customer questionnaire in any supported format.
Parse
Bastion extracts and organizes questions.
Match
AI matches questions to your answer library.
Review
Review and refine suggested answers.
Collaborate
Assign questions to subject matter experts.
Export
Export the completed questionnaire in the required format.
Importing Questionnaires
Supported Formats
| Format | Description |
|---|---|
| Excel (.xlsx) | Most common format |
| CSV | Comma-separated values |
| Word (.docx) | Document format |
| PDF | Portable document format |
| SIG Lite | Standard Information Gathering |
| CAIQ | Consensus Assessments Initiative Questionnaire |
| VSA | Vendor Security Alliance |
Import Process
- Navigate to Customer Trust → Security Questionnaires
- Click Import Questionnaire
- Upload the file
- Review parsed questions
- Confirm import
Question Parsing
Bastion automatically:
- Extracts questions from document
- Identifies question types (yes/no, text, multiple choice)
- Groups related questions
- Detects existing answer matches
Answer Library
Building Your Library
The answer library grows with each questionnaire:
- Save Answers - Mark answers to save for reuse
- Categorize - Tag answers by topic
- Version - Track answer updates over time
- Approve - Mark answers as verified
Answer Categories
| Category | Example Topics |
|---|---|
| Access Control | MFA, SSO, password policies |
| Data Security | Encryption, data handling |
| Infrastructure | Cloud, network security |
| Compliance | SOC 2, ISO, HIPAA |
| Incident Response | Breach procedures |
| Business Continuity | Backup, disaster recovery |
Using the Library
When answering questionnaires:
- Bastion suggests matching answers
- Review suggested answer
- Accept, modify, or write new
- Optionally save new answer to library
AI-Assisted Answers
How It Works
Bastion's AI:
- Analyzes the question
- Searches your answer library
- References your compliance documentation
- Generates suggested answer
- Provides confidence score
AI Capabilities
| Feature | Description |
|---|---|
| Question Understanding | Interprets question intent |
| Answer Matching | Finds relevant library answers |
| Answer Generation | Creates new answers from documentation |
| Format Adaptation | Adjusts answer format (yes/no, detailed) |
AI suggestions are recommendations. Always review before submitting.
Concierge Service
What is Concierge?
For complex or high-volume questionnaires, use Bastion's Concierge service. Your vCISO and the Bastion security team review and complete questionnaires on your behalf:
- Expert Review - Your vCISO and security professionals review responses
- Quality Assurance - Verification of accuracy against your actual security posture
- Faster Turnaround - Dedicated response support
- Custom Formatting - Match customer requirements
Using Concierge
- Open questionnaire
- Click Request Concierge
- Provide context and deadline
- Concierge team responds
- Review and submit to customer
Collaboration
Assigning Questions
For questions requiring expert input:
- Select question(s)
- Click Assign
- Choose team member
- Add notes or context
- Send assignment
Assignment Workflow
| Status | Meaning |
|---|---|
| Assigned | Sent to team member |
| In Progress | Team member working on it |
| Ready for Review | Answer provided |
| Approved | Answer finalized |
Team Notifications
Team members receive notifications for:
- New question assignments
- Deadline reminders
- Review requests
- Questionnaire completion
Exporting Questionnaires
Export Formats
| Format | Best For |
|---|---|
| Excel | Most customers |
| PDF | Formal submissions |
| Original Format | Return in same format |
| Word | Editable documents |
Export Process
- Complete all questions
- Click Export
- Select format
- Review preview
- Download or send directly
Analytics
Response Metrics
Track questionnaire performance:
- Average Response Time - Days to complete
- Questions per Questionnaire - Volume trends
- AI Match Rate - Library utilization
- Team Performance - Response by member
Common Questions
Identify frequently asked questions:
- Most common topics
- Questions lacking good answers
- Areas needing documentation
Best Practices
Build Library Proactively
Don't wait for questionnaires. Pre-populate your library with common security information.
Keep Answers Updated
Review and update library answers when policies or practices change.
Verify AI Suggestions
AI assistance accelerates work but requires human verification for accuracy.
Track Commitments
Note any commitments made in questionnaire responses for follow-through.