Expert Insights about Secureframe Questionnaires and Knowledge Base from Product Manager Nicky Hu

  • November 03, 2022

Anna Fitzgerald

Senior Content Marketing Manager at Secureframe


Emily Bonnie

Senior Content Marketing Manager at Secureframe

RFPs and security questionnaires are a vital part of any due diligence process. When used well, they help build trust with new customers and close deals. But completing them is highly manual, tedious, and time-consuming. 

Machine learning and artificial intelligence (AI) are making it fast and easy to respond to customer questions and demonstrate your organization’s security, privacy, and compliance posture so you can close more deals faster and accelerate speed to revenue.

In the first Secureframe Webinar | Expert Insights, held on Tuesday, October 25, product manager Nicky Hu showed how Secureframe uses machine learning and AI to respond to RFPs and security questionnaires with 90%+ accuracy. He also showed how easy it is for in-house subject matter experts to keep answers up-to-date and at the ready in the Secureframe Knowledge Base.

If you missed it, we’re recapping his insights and expert advice for using Secureframe Questionnaires to automate and streamline the painful process of responding to RFPs and questionnaires below. 

The problem with the old way of filling out RFPs and questionnaires

Every organization receives RFPs and security questionnaires that they must complete to win the trust of prospective customers and close deals. Unfortunately, the process is highly manual and repetitive.

That’s because there’s no standardized document type, format, questions, or order of questions.

Additionally, as your security and privacy posture change, so too do your answers to these questions. Meaning, you and your teams are often chasing down updated answers from your in-house subject matter experts

All of this translates to longer sales cycles, lost deals and revenue, and your team’s time getting wasted responding to RFPs and questionnaires instead of focusing on serving customers and growing your business.

How Secureframe Questionnaires and Knowledge Base solves that problem

We built Secureframe Questionnaires and the Secureframe Knowledge Base to automate RFPs and security questionnaires, using machine learning to answer questions quickly and easily.

Secureframe Questionnaires pulls responses from previously approved answers in the Secureframe compliance platform, lets you update and approve answers, and then updates the knowledge base with the most recently approved answers to serve as your security, privacy, and compliance system of record.

In doing so, our machine learning algorithms learn as you go to achieve 90% accuracy and beyond in your answers. 

You can also tag your in-house subject matter experts to update answers directly in the Secureframe Knowledge Base so your answers are always at the ready.

The automation helps you close deals faster to accelerate speed to revenue by quickly returning completed questionnaires back to customers in their original format.

To see a demo of how the AI-powered Secureframe Questionnaires helps organizations breeze through RFPs and security questionnaires, check out the webinar recording at the 18-minute mark or schedule your own.

Frequently asked questions about Secureframe Questionnaires and Knowledge Base

Below are 10 questions that were asked and answered live during the Secureframe Webinar on October 25. 

1. Is this available today?

Yes! You can schedule a demo at

2. How much does this cost?

You can purchase Secureframe Questionnaires and knowledge base on top of your existing instance of the Secureframe security and privacy compliance platform. The pricing depends on the number of questionnaires you need per year, among other factors. For an exact quote, reach out to our sales team at

3. What’s the process for getting started? Is there enough data in the Knowledge Base?

If you're using our core compliance platform, our goal is to give you as much of the information from the application as possible at the start. That said, the best content that we could possibly have for questionnaires to help future automation is past questionnaires. There's a level of domain specificity that's always super important for these machine learning algorithms, and that's really irreplaceable when we talk about the end-to-end workflow and future automation.

That's something I've run into time and time again in the machine learning space: there's really no replacement for real live data.

4. Can Secureframe Questionnaires automatically answer questions related to its active integrations, like what is your cloud provider?

Yes, that's exactly how it works if you buy Secureframe Questionnaires as an add-on product to the core compliance platform. That core compliance platform is where we get all of your integration data and where we'd be able to automate questions like what your cloud provider is. If you buy it as a standalone product, unfortunately you don't get a lot of that automation that you get if you also had the core compliance platform. 

5. For the Secureframe Knowledge Base, what are best practices for keeping the content up-to-date and removing duplicates?

You have the ability to schedule reviews in the platform. So you can decide how often you want your content to be reviewed and then, on that predetermined basis, the owner of the Knowledge Base will get an email saying that they have X number of questions and answers that haven’t been reviewed in two weeks or two months or whatever your review cycle is. That's a great way of keeping your content up-to-date. 

For removing duplicates, the solution actually uses machine learning to automatically merge some content as it comes in — for example, if you receive a question that’s similar to a question that already exists in your knowledge base. We're also going to introduce a manual workflow to merge questions in the platform, just so you can make sure to not have multiple sources of truth for a particular question. So we're going to have two ways of addressing duplicates going forward.

6. How does the Secureframe Questionnaires solution handle online questionnaires?

When we began working with customers early on in the build process, they said that seventy-five to ninety percent of the questionnaires they receive are Excel documents. So we built the solution for that use case first.

If you have online security questionnaires in a portal or something, you can usually export them to Excel documents and run it through the standard workflow. 

Now you can easily access answers to security questions from the comfort of your browser with the Knowledge Base Chrome Extension.

7. Is there a plugin or tool to autofill answers from online questionnaires?

There is native auto-filling functionality for Excel documents. So all you have to do is tag the content to start — which the auto-tagging functionality can help with. Then, the content itself will fill out automatically.

For online questionnaires, those will be auto-completed via the Chrome extension.

8. How does the solution deal with a questionnaire where the context of a question appears a few rows above the question itself?

When building the flexible tag interface, we thought a lot about making sure that it could ingest any sort of Excel formatting, however weird it is. That’s why we provide the auto-tagging functionality and also allow you to go in and manually tag any groups of content as you see fit. This is especially important in cases where the formatting isn’t perfect. 

9. Can the Secureframe Knowledge Base be shared with the public, or is it just an internal source of security, privacy, and compliance truth?

Currently, it’s an internal tool to help you process questionnaires and to organize content and knowledge at your company.

That said, we also want to build on top of this to enhance your ability to be proactive about your security posture. In the same way you're proactive about whether you have SOC 2 compliance, HIPAA compliance, and so on, we also want you to proactively generate and share questionnaires so you can hopefully get ahead of this process as much as possible. So while it’s an internal tool, we want to make it public-facing or give you the option to make it public-facing in the future.

10. Is there any functionality to deal with languages other than English?

Currently, we only support English. That said, the technology is built in a way where we will be able to support more and more languages as we expand in the future. 

Certainly, we would love feedback. If customers let us know which languages are a priority, then we can focus on the biggest impact areas moving forward. 

Join our next Secureframe Webinar | Expert Insights

We’re hosting Secureframe webinars regularly throughout the coming months to address the biggest security, privacy, and compliance pain points that we hear from prospects, customers, and our in-house compliance experts. Our next session took place on Tuesday, November 8 at 10:30-11:00 AM PST/1:30-2 PM EST with Secureframe compliance expert and former auditor Marc Rubbinaccio, CISSP, CISA who offered more insights and best practices in just 30 minutes. Watch the recording if you missed it.