Core Concepts
The baseline language for customer security reviews, questionnaire response, and customer trust work.
A buyer-focused knowledge index for the terms that show up in security reviews, trust centers, answer libraries, AI-assisted response workflows, third-party risk, and GRC-adjacent procurement conversations.
Published definitions available in the glossary.
Topic groups for scanning related concepts.
Terms with visible last-reviewed dates.
Most recent glossary review signal.
The baseline language for customer security reviews, questionnaire response, and customer trust work.
Terms that explain how AI-assisted answering should stay grounded, reviewed, and auditable.
Buyer-facing assurance concepts, access controls, deflection metrics, and evidence sharing models.
Questionnaire formats, reports, attestations, and documents buyers commonly request.
Buyer-side risk, compliance, and governance language that overlaps with questionnaire automation.
Operational terms for intake, routing, approvals, exceptions, and recurring review cycles.
Systems and surfaces that connect questionnaire work to CRM, collaboration, document, and portal workflows.
Questionnaire responses drafted or suggested by AI using approved source content and workflow context.
->02How much a tool lets you connect and automate it through its API.
->03A measure of whether reusable questionnaire answers still reflect current policies, controls, systems, and commitments.
->04The person responsible for keeping a particular answer correct and current.
->05A governed repository of reviewed answers that teams reuse across questionnaires, RFPs, DDQs, and customer questions.
->06The person who gives final sign-off before an answer is sent.
->07A tamper-resistant record of who did what and when in the system.
->08A browser add-on that helps fill out questionnaires inside other web pages.
->09A standard cloud-security questionnaire from the Cloud Security Alliance.
->10Linking your security-review tool to your CRM so deal data stays in sync.
->11A version-by-version record of how an answer or document changed over time.
->12A security answer that shows exactly which document or record it came from.
->13AI that either backs up its answer with a source or says it cannot answer.
->14Software that automatically gathers evidence and checks controls to keep you compliant.
->15A rating showing how sure the system is about an answer it produced.
->16When two of your documents disagree about the same answer.
->17A schedule for regularly checking that your saved answers are still accurate.
->18The review a customer or prospect performs to evaluate a vendor’s security, privacy, and compliance posture.
->19The operating discipline of making security, privacy, and compliance posture understandable and verifiable for customers.
->20A questionnaire used to vet a vendor or partner before working with them.
->21A contract setting the rules for how a vendor handles personal data on your behalf.
->22The percentage of security questions answered by your trust center instead of by hand.
->23Linking your security tool to where your documents are stored.
->24The process of collecting, maintaining, reviewing, and sharing supporting proof behind security questionnaire answers.
->25A request to allow a known risk for now, with sign-off and an expiry.
->26A combined approach to running governance, managing risk, and meeting compliance obligations.
->27A trust center that makes visitors sign in or request access before seeing sensitive documents.
->28AI that answers using only your approved documents, not whatever it happens to know.
->29The chance that AI confidently states something that is simply not true.
->30A control pattern where people review, approve, or reject AI-generated security answers before external use.
->31A certificate showing a vendor's security management system meets the ISO 27001 standard.
->32The risk a vendor poses before any safeguards are considered.
->33A starter form that collects basic details to kick off a vendor review.
->34Turning security-review follow-ups into tracked Jira tickets for the right team.
->35Lawyers reviewing the contract terms tied to a vendor relationship.
->36Access to sensitive documents only after the viewer agrees to an NDA.
->37A buyer-run portal, in this case associated with OneTrust, for completing vendor assessments.
->38Exporting completed questionnaire answers back into the buyer’s requested spreadsheet, document, PDF, or portal format.
->39A report from an authorized hacking test showing what weaknesses were found.
->40The workflow of entering questionnaire answers into third-party buyer or vendor-risk portals, often with browser support.
->41A trust center visible only to approved or signed-in viewers.
->42The buyer's process for approving a vendor purchase, including security checks.
->43A trust center anyone can view without signing in.
->44The routing and review process used to approve questionnaire answers before they are sent to a buyer.
->45A dashboard showing the status and ownership of each questionnaire.
->46The elapsed time between receiving a questionnaire and returning an approved response package.
->47A formal request asking a vendor to share information about its offering.
->48A formal request asking vendors to propose a solution, usually with security requirements.
->49Re-checking an existing vendor's security on a schedule or after a change.
->50A request asking a vendor to fix a problem found during review.
->51A security check done when a vendor contract is up for renewal.
->52The risk left over after safeguards are in place.
->53Passing a deal between sales and other teams without losing security-review context.
->54The person who checks a draft answer for accuracy before it moves forward.
->55Rating a vendor or finding to express how risky it is.
->56A widely used standard vendor-risk questionnaire from Shared Assessments.
->57Assigning difficult, sensitive, or unanswered questionnaire items to the right subject-matter expert.
->58An independent audit report on a vendor's security controls; Type II covers a period, Type I a single date.
->59A technical review where a sales engineer helps answer a buyer's security questions.
->60Managing security-review tasks directly inside Salesforce, linked to the deal.
->61The practice of keeping all your security claims accurate, sourced, and up to date.
->62A buyer or vendor assessment document used to evaluate a company’s security, privacy, compliance, and operational controls.
->63Software-assisted workflow for drafting, reviewing, approving, and reusing answers to customer security questionnaires.
->64The source library of approved answers, documents, policies, evidence, and context used to support questionnaire responses.
->65Software that helps teams answer inbound customer security questionnaires with reusable content, evidence, and review workflows.
->66Getting answers or documents approved through requests sent in Slack.
->67A reference that shows which source document, answer, policy, control, or evidence item supports a questionnaire response.
->68The one place that holds the official, approved version of an answer.
->69An old answer that is now out of date because something changed.
->70A list of the outside parties a vendor relies on to handle your data.
->71The practice of assessing and monitoring the risks vendors bring to your organization.
->72A buyer-facing destination for security, privacy, compliance, and assurance materials.
->73Reports showing who viewed or requested documents in your trust center.
->74Answering a buyer's security questions through a self-serve page instead of filling out their form.
->75A buyer-run website where vendors fill out and submit security questionnaires.
->76A buyer-side review used to evaluate the risk of working with a supplier, vendor, or third-party service provider.
->77The diligence process a buyer uses to understand a vendor’s security posture before or during procurement.
->78An automatic notification one tool sends another when something happens.
->