Overview
A standard response template is a questionnaire with common questions asked by a company when looking to enter into an agreement with a vendor or service provider, or for ongoing evaluations of existing vendors.
These templates are available for purchase from different issuing associations with knowledge of best practices. Some are designed for specific industries or organizations and others are more generic. The templates focus on security controls within an organization, and use those controls to specify the degree of risk involved in working with that vendor.
Responsive does not issue standard response templates. It does not control the questions included on them or how frequently new templates are issued. We work with the issuing institutions to make sure the latest versions are supported.
Our application has been designed to streamline the process of responding to these templates by allowing you to import them without having to map content (such as sections, questions, or answers) as you normally would.
We support the following templates:
- Standardized Information Gathering (SIG) issued by Shared Assessments
- Security Questionnaire - Core
- Security Questionnaire - Full
- Security Questionnaire - Lite
- Consensus Assessment Initiative Questionnaire (CAiQ) issued by the Cloud Security Alliance
- CORL issued by CORL Technologies
- ePSA issued by EPRI
- Higher Education Community Vendor Assessment Toolkit (HECVAT) issued by Educause
Best Practices
- Check to see if people other than your Response Managers are answering these types of questionnaires. If so, they could save time and effort by importing them into the application and using the Answer Library/Content Library to complete them.
- You can import a completed standard template in your Answer Library to reuse the answers in future responses.
Responding to a Standard Response Template
When you receive a questionnaire that is a standard response template, perform the following steps to import it:
- In Responsive, create a project.
- Click Upload Document. The Upload Document pop-up appears.
- Drag and drop the file in the main pane, or click Upload from local drive to browse to it.
- Wait a minute or two for the file to be imported and configured. You will see a status message while it loads.
- When the import is finished, you will receive a success message with information about the file that was uploaded. Click Go to Sections to begin working on the project.
- The CAIQ and CORL templates can be edited once the system automatically configures them. The automatically configured SIG, ePSA, and HECVAT templates cannot be edited by the user. However, they can be edited by an Responsive Support member on request from the user.
- Some of the standard files have a tab that lists copyright or version information. If that tab is missing, the file may have been altered by the issuer. If the file was altered, the file will be treated like a normal Excel file rather than a standard response template.
- The CAIQ and CORL templates can be edited once the system automatically configures them. The automatically configured SIG, ePSA, and HECVAT templates cannot be edited by the user. However, they can be edited by an Responsive Support member on request from the user.