This message was posted by a user wishing to remain anonymous
This question is aimed at those who are receiving due diligence requests from their clients:
Our product supports the financial industry, so our team provides a SOC 2 Type II, a SIG, and additional policy and procedure documentation. Even with providing this pre-approved documentation, we continually get requests to complete each individual questionnaire (which can be upwards of 200+ questions). This process has become quite arduous, and we expect it to only get worse looking forward.
I am interested to hear how others are managing this process, or any ideas that someone would love to implement if they had the resources, funding, etc. Additionally, how does one maintain their accurate library of responses without regularly engaging their software teams?
Thank you in advance for any advice or insight!