SaaSFort
External security scan for a vendor questionnaire

A prospect sent a SIG, CAIQ, or custom security questionnaire, and the deal sits until you return it. A large share of the technical rows ask about externally observable controls: TLS, certificates, headers, DMARC, exposed services. A scan answers those with evidence instead of a self-asserted yes, and gives you a dated PDF to attach so procurement stops the follow-up round.

What the scan proves here

Direct answers to the technical rows

TLS version, HSTS, certificate validity, security headers, DMARC, and exposed-service rows are answered straight from the scan output.

Evidence procurement accepts

A dated, control-mapped PDF beats a self-asserted answer and removes the "can you prove it" follow-up that usually adds a week.

Control-language mapping

Every finding maps to NIS2 Article 21 and ISO 27001 Annex A, the language most questionnaires are written in.

A re-runnable baseline

Re-scan before each renewal so your answers stay current rather than going stale between deals.

Why it matters

Roughly two-thirds of B2B deals now include a security review, and questionnaire turnaround is a common reason deals slip a quarter. Answering the external section in an hour instead of a week keeps the deal on its original timeline.

Turn the scan into a dated PDF for €39

The free scan shows your grade on screen. The Audit Pack adds the control-mapped PDF, 90 days of re-scans, and a dated attestation, the artifacts this situation actually calls for.

Frequently asked questions

Which questionnaire rows can a scan answer?

The externally observable ones: TLS and cipher configuration, certificate chain, HSTS and other security headers, DMARC and SPF, DNSSEC, and exposed administrative services. It will not answer internal-policy rows like access reviews or training, which need your own documentation.

Do I attach the report or copy from it?

Both work. Attach the dated PDF as evidence and copy the specific findings into the matching rows. Reviewers prefer attachable proof because it answers the verification question before they ask it.
