Summary
Whistic provides a tool to efficiently manage both standard and custom security questionnaires. While we typically do not create or explain the content of these questionnaires—since they are often industry standards developed by third-party organizations and approved for publication on our platform—this article will help guide you in the right direction.
🗂️ Overview
Industry Standards
Industry-standard questionnaires are sourced from reputable security organizations, including the Cloud Security Alliance (CSA), Center for Internet Security (CIS), and Shared Assessments. These organizations develop and publish the questionnaires, which are then formatted and made available through our platform for users to access and complete. As a result, you may encounter multiple versions of the same questionnaire. Generally, the version with the higher number at the top of the page represents the most recent iteration. We recommend using the latest version whenever possible.
Custom Questionnaires
When a company sends a questionnaire request through our platform, they are typically the best source for any questions regarding the content of the questionnaire, particularly if they have created it themselves. These are known as custom questionnaires. Organizations often develop their own custom frameworks to ensure they are asking the most relevant questions that align with their specific security posture and risk management needs.
The Custom section lists both the custom questionnaires you have received and the ones that you own and have published.
Questionnaire Format
You might notice that our standard questionnaires are organized differently from the original spreadsheet templates you know. While the main questions remain consistent across versions, the layout (such as tabs, columns, and rows) has changed due to copyright. The change also reflects the system Whistic created to transform various standards into our streamlined online format, ensuring a reliable and uniform experience on our platform.
🔍 Questionnaire Types
The easiest way to determine if a questionnaire is custom or standard is to follow these quick steps:
- Click Assess > Questionnaires from the top menu.
- Scroll to the questionnaire, or search for it by name or description.
- Once you have located it, note the section header on the Questionnaires tab. This header identifies the type of questionnaire (see screenshot below).
Each questionnaire block may show the following information:
- Questionnaire accessibility lock (contact your CSM for details)
- Version Update flag
- Owner's logo
- Questionnaire name and description
- Question range tally (depending on logic)
- Outstanding customer requests notification
The screenshots below show each of these parts.
📅 Questionnaire Versions
Questionnaires typically include a version date to distinguish between different updates. A format like 2022.1 indicates that previous versions existed and have since been updated. On our platform, you may see version numbers accompanied by a date stamp, a unique identifier created by the owner, or simply the year of the version's release.
To see all the versions for a particular questionnaire, click "Self-Assessments" from the main Questionnaires page.
ℹ️ Question Control Info
You can find useful information that explains questions and terms in the Whistic Question Details Control Info block. To learn more about a particular question, click on the question on the left and then select Control Info on the right. Refer to the image below.
📚 Additional Resources
- For a full list of published industry standards, see our Industry Standard Questionnaire article
- How to Build a Custom Questionnaire in Whistic