Problem: Early-stage SaaS teams lose days answering lengthy security questionnaires to close B2B deals.
Source signal: “Ask HN: How small startups deal with long security questionnaires from clients?” shows repeated pain among founders.
Solution (web app): Central knowledge base of controls (SOC2/ISO27001 mappings), auto-fill vendor questionnaires (Excel/portal/PDF), human-in-the-loop edits, evidence vault, approval workflow, and exports.
Integrations: GDocs, Excel, Guru/Notion/Confluence, ticketing (Jira), and e-signature for attestations.
Differentiation: Focused on sub-SOC2 teams with fast setup, AI-assisted answer selection from prior deals, and ‘explain-your-control’ drafting.
Competitors validating willingness to pay: Stacksi, Conveyor, SafeBase, Whistic (evidence of paid market).
ICP: 2–100 person SaaS selling to mid-market/enterprise.
Pricing hypothesis: $99–$399/mo tiered by users/vendors, plus per-questionnaire concierge credits.
Source: https://news.ycombinator.com/item?id=36488436
Platform: web
| Keyword | Global monthly volume | KD (difficulty) |
|---|---|---|
| vendor risk management | 880 | 22 |
| vendor risk management software | 720 | 25 |
| security questionnaire automation | 260 | 4 |
| vendor security questionnaire | 170 | 1 |
| vendor risk assessment | 480 | 9 |
| ai security questionnaire | 170 | 4 |

All core buying-intent phrases sit < 30 KD, several >> 500 searches. CPCs $30-$78 show commercial intent.

SERP for “security questionnaire automation” returns vendors already charging: