Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.matproof.com/llms.txt

Use this file to discover all available pages before exploring further.

Overview

The AI Questionnaire module handles both sides of the vendor assessment process:

Respond to customers

Customers send you a security questionnaire. Matproof reads your existing policies, controls, and evidence to auto-fill the answers.

Assess your vendors

You send a questionnaire to a vendor. Track their responses and score their security posture from one place.
AI Questionnaire is included on every plan. Per-month answer-generation quotas vary by tier — see Plans & Pricing.

Importing a questionnaire

Matproof accepts the most common formats used in vendor assessments:
  • SIG Lite (Shared Assessments)
  • CAIQ (Cloud Security Alliance)
  • Custom Excel or Word questionnaires
To import:
  1. Go to Questionnaire (/[orgId]/questionnaire)
  2. Click New Questionnaire
  3. Select the type: Respond (incoming from customer) or Send (outgoing to vendor)
  4. Upload the file or paste the questions directly
  5. Matproof parses the questions and displays them in the editor
For outgoing questionnaires, enter the vendor’s name and email. Matproof sends them a link to complete the form.

AI auto-fill (responding to customers)

When you receive a questionnaire from a customer, Matproof’s AI reads each question and matches it against:
  • Your published policies
  • Your mapped controls and their evidence
  • Your knowledge base of saved standard answers
To run auto-fill:
  1. Open the imported questionnaire
  2. Click Auto-fill with AI
  3. Review each answer — green means high confidence, yellow means review recommended
  4. Edit any answers before exporting
Auto-fill accuracy improves over time as you add more evidence and refine your knowledge base. Run it even on your first questionnaire — it handles most standard questions out of the box.
Always review AI-generated answers before sending. The AI works from your documented controls — if a control is not yet documented in Matproof, the answer may be incomplete.

Knowledge base

The knowledge base stores your approved answers to common security questions so they can be reused across questionnaires without re-generating them each time. To manage:
  1. Go to QuestionnaireKnowledge Base (/[orgId]/questionnaire/knowledge-base)
  2. Add a question-answer pair manually, or save an answer directly from a questionnaire you have already reviewed
  3. Tag answers by topic (e.g., access control, encryption, incident response) for faster retrieval
When AI auto-fill runs on a new questionnaire, it checks the knowledge base first before generating a new answer. If a match is found, the saved answer is used directly.

Statement of Applicability (SOA)

The SOA is an ISO 27001 requirement. It lists every control from Annex A and states whether it applies to your organization, and if not, why it is excluded. To generate your SOA:
  1. Go to QuestionnaireSOA (/[orgId]/questionnaire/soa)
  2. Matproof pre-populates applicability based on the frameworks you have activated and the controls you have mapped
  3. Review each control — mark as Applicable, Not applicable, or add an exclusion justification
  4. Export as PDF or Excel for your ISO 27001 audit
The SOA must be reviewed and updated at least annually under ISO 27001. Matproof tracks when the SOA was last modified so you can demonstrate this to auditors.

Sending questionnaires to vendors

Use this flow when you need to assess a third-party vendor’s security before onboarding them or as part of annual vendor reviews.
  1. Go to QuestionnaireNew QuestionnaireSend to Vendor
  2. Select a template (SIG Lite is recommended for most vendor assessments) or upload a custom one
  3. Enter the vendor’s name and contact email
  4. Set a response deadline
  5. Send — the vendor receives a link to fill in the form directly (no Matproof account required)
Responses are collected in the questionnaire view. You can score each section and attach the completed questionnaire to the vendor’s record in Matproof’s vendor risk module.
Pair vendor questionnaire results with your Vendor Risk module to build a complete risk profile for each third party.

Exporting responses

Once you have reviewed and finalized your answers:
  1. Open the questionnaire
  2. Click Export
  3. Choose the output format: Excel, Word, or PDF
The exported file preserves the original structure of the questionnaire with your answers filled in, so it is ready to send back to the customer without reformatting.