Analyst glossary
Security questionnairesCustomer trustAI governanceReviewed Jun 2026

Security Questionnaire Automation Glossary

A buyer-focused knowledge index for the terms that show up in security reviews, trust centers, answer libraries, AI-assisted response workflows, third-party risk, and GRC-adjacent procurement conversations.

Terms live78

Published definitions available in the glossary.

Categories7

Topic groups for scanning related concepts.

Reviewed20

Terms with visible last-reviewed dates.

Last checkedJun 2026

Most recent glossary review signal.

Glossary Categories

Knowledge map

Alphabetical Index

Definition library
01
AI & Governance

AI-Assisted Answers

Questionnaire responses drafted or suggested by AI using approved source content and workflow context.

->
02
Integrations

API Extensibility

How much a tool lets you connect and automate it through its API.

->
03
AI & Governance

Answer Freshness

A measure of whether reusable questionnaire answers still reflect current policies, controls, systems, and commitments.

->
04
Workflow Ops

Answer Owner

The person responsible for keeping a particular answer correct and current.

->
05
Core Concepts

Approved Answer Library

A governed repository of reviewed answers that teams reuse across questionnaires, RFPs, DDQs, and customer questions.

->
06
Workflow Ops

Approver

The person who gives final sign-off before an answer is sent.

->
07
AI & Governance

Audit Log

A tamper-resistant record of who did what and when in the system.

->
08
Integrations

Browser Extension

A browser add-on that helps fill out questionnaires inside other web pages.

->
09
Standards & Evidence

CAIQ

A standard cloud-security questionnaire from the Cloud Security Alliance.

->
10
Integrations

CRM Integration

Linking your security-review tool to your CRM so deal data stays in sync.

->
11
AI & Governance

Change History

A version-by-version record of how an answer or document changed over time.

->
12
AI & Governance

Citation-Backed Security Answer

A security answer that shows exactly which document or record it came from.

->
13
AI & Governance

Cite-or-Abstain AI

AI that either backs up its answer with a source or says it cannot answer.

->
14
TPRM & GRC

Compliance Automation

Software that automatically gathers evidence and checks controls to keep you compliant.

->
15
AI & Governance

Confidence Score

A rating showing how sure the system is about an answer it produced.

->
16
AI & Governance

Conflicting Source

When two of your documents disagree about the same answer.

->
17
Workflow Ops

Content Review Calendar

A schedule for regularly checking that your saved answers are still accurate.

->
18
Core Concepts

Customer Security Review

The review a customer or prospect performs to evaluate a vendor’s security, privacy, and compliance posture.

->
19
Trust Centers

Customer Trust

The operating discipline of making security, privacy, and compliance posture understandable and verifiable for customers.

->
20
Standards & Evidence

DDQ

A questionnaire used to vet a vendor or partner before working with them.

->
21
Standards & Evidence

Data Processing Agreement

A contract setting the rules for how a vendor handles personal data on your behalf.

->
22
Trust Centers

Deflection Rate

The percentage of security questions answered by your trust center instead of by hand.

->
23
Integrations

Document Storage Integration

Linking your security tool to where your documents are stored.

->
24
Standards & Evidence

Evidence Management

The process of collecting, maintaining, reviewing, and sharing supporting proof behind security questionnaire answers.

->
25
Workflow Ops

Exception Request

A request to allow a known risk for now, with sign-off and an expiry.

->
26
TPRM & GRC

GRC

A combined approach to running governance, managing risk, and meeting compliance obligations.

->
27
Trust Centers

Gated Trust Center

A trust center that makes visitors sign in or request access before seeing sensitive documents.

->
28
AI & Governance

Grounded AI

AI that answers using only your approved documents, not whatever it happens to know.

->
29
AI & Governance

Hallucination Risk

The chance that AI confidently states something that is simply not true.

->
30
AI & Governance

Human-in-the-Loop Review

A control pattern where people review, approve, or reject AI-generated security answers before external use.

->
31
Standards & Evidence

ISO 27001 Certificate

A certificate showing a vendor's security management system meets the ISO 27001 standard.

->
32
TPRM & GRC

Inherent Risk

The risk a vendor poses before any safeguards are considered.

->
33
Workflow Ops

Intake Form

A starter form that collects basic details to kick off a vendor review.

->
34
Integrations

Jira Escalation Workflow

Turning security-review follow-ups into tracked Jira tickets for the right team.

->
35
Workflow Ops

Legal Review

Lawyers reviewing the contract terms tied to a vendor relationship.

->
36
Trust Centers

NDA-Gated Access

Access to sensitive documents only after the viewer agrees to an NDA.

->
37
Integrations

OneTrust Questionnaire Portal

A buyer-run portal, in this case associated with OneTrust, for completing vendor assessments.

->
38
Integrations

Original-Format Export

Exporting completed questionnaire answers back into the buyer’s requested spreadsheet, document, PDF, or portal format.

->
39
Standards & Evidence

Penetration Test Report

A report from an authorized hacking test showing what weaknesses were found.

->
40
Integrations

Portal Autofill

The workflow of entering questionnaire answers into third-party buyer or vendor-risk portals, often with browser support.

->
41
Trust Centers

Private Trust Center

A trust center visible only to approved or signed-in viewers.

->
42
Workflow Ops

Procurement Review

The buyer's process for approving a vendor purchase, including security checks.

->
43
Trust Centers

Public Trust Center

A trust center anyone can view without signing in.

->
44
Workflow Ops

Questionnaire Approval Workflow

The routing and review process used to approve questionnaire answers before they are sent to a buyer.

->
45
Workflow Ops

Questionnaire Tracker

A dashboard showing the status and ownership of each questionnaire.

->
46
Workflow Ops

Questionnaire Turnaround Time

The elapsed time between receiving a questionnaire and returning an approved response package.

->
47
Standards & Evidence

RFI

A formal request asking a vendor to share information about its offering.

->
48
Standards & Evidence

RFP

A formal request asking vendors to propose a solution, usually with security requirements.

->
49
Workflow Ops

Reassessment

Re-checking an existing vendor's security on a schedule or after a change.

->
50
Workflow Ops

Remediation Request

A request asking a vendor to fix a problem found during review.

->
51
Workflow Ops

Renewal Review

A security check done when a vendor contract is up for renewal.

->
52
TPRM & GRC

Residual Risk

The risk left over after safeguards are in place.

->
53
Workflow Ops

RevOps Handoff

Passing a deal between sales and other teams without losing security-review context.

->
54
Workflow Ops

Reviewer

The person who checks a draft answer for accuracy before it moves forward.

->
55
TPRM & GRC

Risk Scoring

Rating a vendor or finding to express how risky it is.

->
56
Standards & Evidence

SIG Questionnaire

A widely used standard vendor-risk questionnaire from Shared Assessments.

->
57
Workflow Ops

SME Routing

Assigning difficult, sensitive, or unanswered questionnaire items to the right subject-matter expert.

->
58
Standards & Evidence

SOC 2 Report

An independent audit report on a vendor's security controls; Type II covers a period, Type I a single date.

->
59
Workflow Ops

Sales Engineering Review

A technical review where a sales engineer helps answer a buyer's security questions.

->
60
Integrations

Salesforce Security Review Workflow

Managing security-review tasks directly inside Salesforce, linked to the deal.

->
61
AI & Governance

Security Claims Management

The practice of keeping all your security claims accurate, sourced, and up to date.

->
62
Core Concepts

Security Questionnaire

A buyer or vendor assessment document used to evaluate a company’s security, privacy, compliance, and operational controls.

->
63
Core Concepts

Security Questionnaire Automation

Software-assisted workflow for drafting, reviewing, approving, and reusing answers to customer security questionnaires.

->
64
Core Concepts

Security Questionnaire Knowledge Base

The source library of approved answers, documents, policies, evidence, and context used to support questionnaire responses.

->
65
Core Concepts

Security Questionnaire Response Software

Software that helps teams answer inbound customer security questionnaires with reusable content, evidence, and review workflows.

->
66
Integrations

Slack Approval Workflow

Getting answers or documents approved through requests sent in Slack.

->
67
AI & Governance

Source Citation

A reference that shows which source document, answer, policy, control, or evidence item supports a questionnaire response.

->
68
AI & Governance

Source of Truth

The one place that holds the official, approved version of an answer.

->
69
AI & Governance

Stale Answer

An old answer that is now out of date because something changed.

->
70
Standards & Evidence

Subprocessors List

A list of the outside parties a vendor relies on to handle your data.

->
71
TPRM & GRC

Third-Party Risk Management

The practice of assessing and monitoring the risks vendors bring to your organization.

->
72
Trust Centers

Trust Center

A buyer-facing destination for security, privacy, compliance, and assurance materials.

->
73
Trust Centers

Trust Center Analytics

Reports showing who viewed or requested documents in your trust center.

->
74
Trust Centers

Trust Center Deflection

Answering a buyer's security questions through a self-serve page instead of filling out their form.

->
75
Integrations

Vendor Portal

A buyer-run website where vendors fill out and submit security questionnaires.

->
76
TPRM & GRC

Vendor Risk Assessment

A buyer-side review used to evaluate the risk of working with a supplier, vendor, or third-party service provider.

->
77
Core Concepts

Vendor Security Review

The diligence process a buyer uses to understand a vendor’s security posture before or during procurement.

->
78
Integrations

Webhook

An automatic notification one tool sends another when something happens.

->