We practice what we preach when it comes to security. So all customer data is encrypted at rest and in transit, access is limited using RBAC, we have 2FA on everything, etc. We also never send customer security data to…
Thanks for the kind words!
If you have that problem in the future, please do reach out to us! That is an interesting hypothesis, and to be perfectly honest, I'm not sure what the answer is. There are plenty of existing business where you can pay…
That sounds terrible! Im so sorry!
The ultimate success or failure of our business depends on our ability to get our NLP to deliver high quality answers and minimize the time our own internal reviewers need to spend on each questionnaire. We are making…
Yep. Having them now gets you a seat at the table, but (usually) does not get you out of the questionnaire entirely.
You're totally right, which is why I said to read over the NDA before signing :) I fully admit that we do not have the legal expertise to try and tackle that problem at this point.
No worries. 15 pages sounds like a doozy!
No need to feel bad It's a cost of doing business :)
What you describe is exactly what we do. Every single answer output by Stacksi is required to be explicitly approved by a member of our client's infosec team before it can be exported and used. Questions that we don't…
You're right. My answers go something like this: 1. We handle a company's security documentation the same way companies treat any sensitive info they are storing (credit card data, PII, etc). We store it encrypted at…
Every single answer that comes out of Stacksi needs to be approved by an employee of the client before it can be exported and downloaded. The vast majority of answers to questions comes directly from a client's own…
You sound like you should talk to us and get your time back :) A lot of auditors make it seems like once you have your SOC2 or ISO27001 certification that you'll be free from these forever, but our finding is that it…
I'd love to see stats on that. I'd bet that rather than losing the deal entirely, the more common case is that the deal gets delayed (possibly significantly) if something is flagged in a security review. After all, even…
If you want to go in depth on our operational or security controls in due diligence as a potential customer, we'd be happy to do so over email. You could even send us a questionnaire ;) However, you'll have to forgive…
Stacksi is happy to sign (and has signed!) numerous NDAs with our clients. If you're talking about the NDA process between vendors and assessors, that is a whole different can of worms which we have not really waded…
If you're not answering many questionnaires, it's totally possible that you don't need help. We have customers who are filling out 5-10 of these per week, and the time really adds up. We also have absolutely no…
Loopio and RFP.io are direct competitors. They are both good tools, but are designed for RFP response in general and not security specific. RFPs do tend to have security sections, so there is some overlap for sure, but…
I've never seen a 200 page one, but 200+ questions is fairy common. At 15 pages yours probably clocks in around there at least :)
Hi there! Questionnaires get sent when companies want to do business together that requires sharing sensitive info with each other. I envy that you have never had to deal with these!
We totally agree! At our last company these were a major PITA and slowed us down a lot because when we first started working with other businesses, we were not prepared to handle them at all. We want to help remove the…
We appreciate the comment :)
We'd love to! Reach out to us!
Admittedly, I have not seen any of Skypher besides their website. That said, the biggest differentiator that I see is that we use a human in the loop model, while Skypher is a purely software solution. In other…
We definitely think about that, but our previous experience is as startup founders so we're starting out by addressing a problem we know very well.
We practice what we preach when it comes to security. So all customer data is encrypted at rest and in transit, access is limited using RBAC, we have 2FA on everything, etc. We also never send customer security data to…
Thanks for the kind words!
If you have that problem in the future, please do reach out to us! That is an interesting hypothesis, and to be perfectly honest, I'm not sure what the answer is. There are plenty of existing business where you can pay…
That sounds terrible! Im so sorry!
The ultimate success or failure of our business depends on our ability to get our NLP to deliver high quality answers and minimize the time our own internal reviewers need to spend on each questionnaire. We are making…
Yep. Having them now gets you a seat at the table, but (usually) does not get you out of the questionnaire entirely.
You're totally right, which is why I said to read over the NDA before signing :) I fully admit that we do not have the legal expertise to try and tackle that problem at this point.
No worries. 15 pages sounds like a doozy!
No need to feel bad It's a cost of doing business :)
What you describe is exactly what we do. Every single answer output by Stacksi is required to be explicitly approved by a member of our client's infosec team before it can be exported and used. Questions that we don't…
You're right. My answers go something like this: 1. We handle a company's security documentation the same way companies treat any sensitive info they are storing (credit card data, PII, etc). We store it encrypted at…
Every single answer that comes out of Stacksi needs to be approved by an employee of the client before it can be exported and downloaded. The vast majority of answers to questions comes directly from a client's own…
You sound like you should talk to us and get your time back :) A lot of auditors make it seems like once you have your SOC2 or ISO27001 certification that you'll be free from these forever, but our finding is that it…
I'd love to see stats on that. I'd bet that rather than losing the deal entirely, the more common case is that the deal gets delayed (possibly significantly) if something is flagged in a security review. After all, even…
If you want to go in depth on our operational or security controls in due diligence as a potential customer, we'd be happy to do so over email. You could even send us a questionnaire ;) However, you'll have to forgive…
Stacksi is happy to sign (and has signed!) numerous NDAs with our clients. If you're talking about the NDA process between vendors and assessors, that is a whole different can of worms which we have not really waded…
If you're not answering many questionnaires, it's totally possible that you don't need help. We have customers who are filling out 5-10 of these per week, and the time really adds up. We also have absolutely no…
Loopio and RFP.io are direct competitors. They are both good tools, but are designed for RFP response in general and not security specific. RFPs do tend to have security sections, so there is some overlap for sure, but…
I've never seen a 200 page one, but 200+ questions is fairy common. At 15 pages yours probably clocks in around there at least :)
Hi there! Questionnaires get sent when companies want to do business together that requires sharing sensitive info with each other. I envy that you have never had to deal with these!
We totally agree! At our last company these were a major PITA and slowed us down a lot because when we first started working with other businesses, we were not prepared to handle them at all. We want to help remove the…
We appreciate the comment :)
We'd love to! Reach out to us!
Admittedly, I have not seen any of Skypher besides their website. That said, the biggest differentiator that I see is that we use a human in the loop model, while Skypher is a purely software solution. In other…
We definitely think about that, but our previous experience is as startup founders so we're starting out by addressing a problem we know very well.