AccountMade
Free tool

Analyze a security questionnaire before you answer it.

Upload or paste a SIG, CAIQ, or custom questionnaire. Get the question count, the framework(s) it uses, the difficulty spread by domain, and an honest estimate of the hours it will take — in seconds.

Parsed entirely in your browser. Your questionnaire never leaves your device.

Drop a questionnaire, or choose a file

.xlsx, .docx, or .pdf — parsed in your browser, never uploaded.

Security questionnaire questions, answered

How long does a security questionnaire take to complete?

Most security questionnaires take 8–40 hours to answer by hand, with 12–18 hours a common average. The real number depends on question count and difficulty: a short yes/no takes 1–3 minutes, while a question requiring a narrative answer or attached evidence can take 20–35 minutes. The analyzer estimates a range from the actual mix in your file.

How many questions are in a SIG or CAIQ questionnaire?

The CSA CAIQ v4 has roughly 261 questions across 17 domains. The Shared Assessments SIG is scopable: SIG Lite is around 120–130 questions, while SIG Core commonly runs several hundred to ~850, spanning 21 risk domains. Because both are routinely trimmed to scope, the analyzer counts the questions actually present rather than assuming a fixed size.

How can I tell which framework a security questionnaire uses?

The clearest signal is the control-ID grammar: CAIQ uses IDs like AIS-01.1 across 17 domain prefixes, SOC 2 uses CC1–CC9 criteria, and ISO 27001 uses Annex A references like A.8.24. SIG is identified by its domain-lettered questions and multi-tab spreadsheet. The analyzer fingerprints these patterns and reports every framework it detects, primary first.

Does the analyzer upload my questionnaire?

No. Every file is parsed entirely in your browser using client-side libraries — the questionnaire never leaves your device and is never sent to a server. You can confirm this in your browser's network tab: analyzing a file makes no upload request.

Answer every buyer from one governed source.