FREE · 196 REAL QUESTIONS · EMAIL-DELIVERED

The vendor security questionnaires enterprise buyers actually send

8 ready-to-use vendor security questionnaire templates modeled on SIG Lite, CSA CAIQ, the HIPAA Security Rule, AICPA SOC 2 TSC, GDPR Article 28, PCI DSS 4.0.1, NIST AI RMF, and NIST SP 800-171. Every question is published inline with severity, context, and the evidence to attach.

SaaS Vendor Security Questionnaire
32 Qs
MODELED ON SIG LITE
When an enterprise buyer asks for your security questionnaire, this is what they're really sending. 35 questions across 7 domains, modeled on the Shared Assessments SIG Lite catego
Cloud Provider Security Questionnaire
28 Qs
ALIGNED WITH CSA CCM
When a buyer's cloud-security team gets involved, they pull from the Cloud Security Alliance's CCM. This 30-question template covers the same 10 domains and tells you exactly what
HIPAA Business Associate Security Assessment
23 Qs
MAPS TO 45 CFR §164
Before a covered entity signs a BAA, they send this assessment. The questions track directly to the HIPAA Security Rule safeguards — 45 CFR §§164.308, 164.310, 164.312, 164.316 — p
SOC 2 Subservice Organization Questionnaire
23 Qs
AICPA SSAE 18 / SOC 2 TSC
Your customer is a SaaS, and they listed you as a subservice organisation in their SOC 2. Now their auditor (Deloitte / EY / PwC / KPMG / a CPA boutique) is sending you a questionn
GDPR Article 28 Processor Due Diligence
22 Qs
GDPR ARTICLE 28 + EDPB
Article 28(1) of GDPR requires controllers to use only processors that provide 'sufficient guarantees' of compliance. This questionnaire is the standard evidence pack EU privacy te
PCI DSS Service Provider Questionnaire
20 Qs
PCI DSS 4.0.1
If you store, process, or transmit cardholder data on behalf of a merchant, you're a PCI DSS Service Provider. Before sharing CHD, the merchant's QSA will send these questions to v
AI / LLM Vendor Risk Questionnaire
26 Qs
NIST AI RMF + EU AI ACT
Every enterprise that buys AI in 2026 sends a version of this. Built on NIST AI RMF (GOVERN/MAP/MEASURE/MANAGE), EU AI Act Articles 9–15, and ISO/IEC 42001. The questions buyers ca
NIST SP 800-171 Self-Assessment
22 Qs
NIST 800-171 r3 / CMMC L2
Any organisation processing Controlled Unclassified Information (CUI) under a DoD contract must implement and self-assess against NIST SP 800-171 (revision 3, finalised 2024). This

Stop answering the same questionnaire from scratch.

ComplianceIQ converts your audit responses, policies, and prior questionnaires into a reusable answer pack — pre-filled for SIG, CAIQ, HIPAA BA, SOC 2 subservice, GDPR Art. 28, PCI service-provider, AI vendor risk, and NIST 800-171. Cut response time from 9 days to 90 minutes.
