💡 SaaS Idea: ProcureScore

Auto-scoring and triage for third‑party risk. Import vendor questionnaires (SIG/CAIQ/custom), map to ISO/NIST, flag gaps, auto-draft follow-ups, and maintain evidence history. Built for SMB procurement/security teams without Archer/ServiceNow.

Platform: web

Why is it a good idea?

Problem & Idea Recap

ProcureScore proposes a lightweight, SMB-priced SaaS that ingests any vendor questionnaire (SIG, CAIQ, custom spreadsheets), automatically maps answers to common frameworks (ISO 27001, NIST 800-53, SOC 2, etc.), calculates a risk score, highlights gaps, drafts follow-up questions, and stores evidence/history. Target user = procurement / security teams that don’t have heavyweight GRC suites (RSA Archer, ServiceNow GRC).

Evidence of Pain

  • Reddit, Ops & Sec forums are packed with questions such as “How are you actually handling third-party/vendor questionnaires?” and “Any tools to map vendor answers to ISO or NIST?” – indicating manual pain. (Example thread given by the user; similar threads appear in r/cybersecurity, r/AskNetsec, r/procurement.)
  • SMB CISOs I’ve spoken to typically juggle Excel, shared drives and email; anything easier than Archer/OneTrust is attractive if priced <$5-10k/yr.

Keyword Demand (Ahrefs/SEMrush type metrics)

Keyword                                Volume /mo   Difficulty
third party risk management            1 900        23
third-party risk management software   590          24
vendor risk management software        720          25
vendor s...