Research survey

How organisations manage cybersecurity posture assessments and assurance questionnaires

This short survey takes around 3-4 minutes. Responses will help guide the development of PostureKit, an early-stage product for cybersecurity posture reviews, compliance questionnaires, and vendor assurance workflows.

Company website

Which best describes your role?

IT Manager / Head of ITSecurity Manager / Security LeadCompliance / GRC / Risk professionalCybersecurity consultantvCISO / Fractional security leaderMSP / Managed IT or security providerProcurement / vendor managementBusiness owner / executiveOther

If Other, please describe your role

Which of these have you been involved in during the last 12 months?

Internal cybersecurity posture assessmentCustomer security/compliance questionnaireVendor or supplier security reviewAudit, certification, or readiness reviewAdvising clients on any of the aboveNone of the above

How are these processes usually managed?

SpreadsheetsWord/PDF documentsEmailTicketing/project toolsGRC or compliance platformInternal system or custom workflowConsultant-created templatesMostly ad hoc / no formal processOther

Which parts are most frustrating?

Choose up to 3.

Repeating the same questions or workChasing people for answersTracking what changed over timeProducing a clear stakeholder-ready summaryHandling or referencing evidenceUnderstanding which controls matterMapping answers to frameworksReviewing vendor/customer assurance quicklyOther

How valuable would a point-in-time cybersecurity posture snapshot be?

12345

Not usefulVery useful

How useful would it be to track evidence references without uploading sensitive evidence files?

12345

Not usefulVery useful

Which use case sounds most compelling?

Assess my own organisation's cyber posturePrepare for audit/readiness reviewsComplete customer security questionnaires more efficientlyReview vendor/supplier security posture more consistentlySupport client assessments as a consultant or vCISONone of these stand out

Which framework or scheme is most relevant to your work?

NIST 800-171NIST Cybersecurity FrameworkISO 27001Essential EightSOC 2CMMCNone / not framework-drivenOther

If Other, please name the framework or scheme

In one sentence, what would make this kind of process significantly easier?

Optional: open to a 20-30 minute follow-up conversation?

YesNo

Email if yes

I agree that PostureKit may use my responses for product research and contact me about follow-up research.