If you open the questionnaire and find that some questions already have answers, there are several possible explanations. Read through the scenarios below to identify which applies to you.
A colleague has already answered them
If multiple team members from your company are working on the questionnaire simultaneously, a colleague may have already completed some sections before you logged in. This is expected behaviour on a collaborative assessment.
To avoid duplicating or overwriting each other's work:
Check in with your team before making changes to answers that are already complete
Coordinate on which team member is responsible for which sections before you begin
For an overview of how multi-user access works, see [User roles on the CyberVadis platform] and [How to invite colleagues to work on the questionnaire].
You are completing a reassessment
If your company has been assessed by CyberVadis before, your questionnaire is pre-filled with the answers and evidence from your previous assessment. This is intentional: it saves you from starting from scratch and allows you to focus on reviewing and updating what has changed since your last assessment.
Do not assume pre-filled answers are still up-to-date. Review each one carefully, update any answers that no longer reflect your current practices, and check that all attached evidence is still valid and up to date. See [Making reassessments easy: pre-filled questionnaire guide] for a full walkthrough.
You hold a valid ISO 27001 certificate (ISO prefill)
If your company provided a valid ISO 27001 certificate and Statement of Applicability (SoA) during the certificate upload stage, the controls that fall within your ISO certification scope will be automatically pre-filled in your questionnaire. This reflects the security practices already verified by your ISO certification.
When you encounter ISO-prefilled controls:
Review each pre-filled answer to confirm it accurately reflects your current certified practices
Check that the attached evidence, your certificate and SoA, is still valid and has not expired
Update any controls where your practices have changed since your last certification audit
Mark each reviewed question as complete using the green toggle once you are satisfied the answer is accurate
Controls outside your ISO certification scope will not be pre-filled and must be completed manually.
The AI prefill has completed sections on your behalf (AI prefill)
If you uploaded your information security documentation to the platform, our AI prefill tool, developed in-house, will have analysed your documents and automatically filled in the relevant controls and attached the corresponding evidence on your behalf.
Your role is to review what the AI prefill has done, not to start from scratch. Here is how to work through it:
Review each pre-filled control: check that the answer accurately reflects your company's actual practices and that the evidence attached is the right document for that control
Mark complete questions as done: where the AI prefill has done its job correctly, toggle the question to "Question Completed" using the green toggle at the top of the question page
Complete the remaining questions manually: where the AI prefill has left controls unanswered or flagged that additional input is needed, review and complete those sections yourself before marking the question as complete
The AI prefill is designed to significantly reduce the time required to complete the questionnaire, but the accuracy of your final submission is your responsibility.
Always review AI-generated answers carefully before marking a question as complete.