From dream, to MVP, to industry standard - how Metosin helped build a human and AI-powered service for dealing with Vendor Security Questionnaires.



Repliance: Making those dreaded security questionnaires less scary


In the spring of 2021, the company that would eventually be called Repliance, was little more than an idea. A really good idea, too, but to understand how good of an idea, some context is required:

If you've ever worked with any U.S.-based SaaS company, you may have had to deal with the notorious "Vendor Security Questionnaire" — or the "Third-Party Vendor Assessment Questionnaire", or some variations thereof.

Or, as it's more commonly known — the "Dreaded Security Questionnaire".

The VSQ is the industry standard for would-be clients to evaluate the security protocols of a prospective technology vendor. VSQs are notoriously complex and require significant resources to be correctly dealt with; and yet, it usually falls on the sales department to sift through process descriptions and technical documentation in search of answers to questions including:

How do you test the security of your production network and applications? Internal, third parties or both? If so, what is the cadence? Explain your methodology.

Time is literally money in these scenarios; if the VSQ isn't completed in a timely manner, it's not uncommon for deals to fall through. The organization's IT team inevitably inherits the responsibility of providing VSQ support. This means other priorities are pushed to the side while it's all-hands-on-deck for dealing with the VSQ.

In collaboration with the team at Metosin, Repliance designed and built a system from scratch. One that uses a blend of machine learning and expert knowledge to answer VSQ requests. This system was instrumental in scaling up Repliance's business and customer offer.

But as anyone who has ever built a business can attest, there's a great distance between a promising idea and a fully operational entity. Metosin was proud to be a development partner in the scale-up; from a dream to an MVP created by one-and-a-half person team, to a fully-realized business.


Metosin's solutions must always adapt and scale along with the client's business. That’s the standard we hold ourselves to, on every project we touch. Once the initial Proof of Concept was completed, we used it as the foundation while we went on to build and refine what would eventually become the core of the Repliance offer. The scalability of the system was continually tested as the team (and the dream) continued to grow.

From the knowledge gained during the PoC phase, and with development and design informing one another, the project grew from an application for ingesting questionnaires from "gnarly" Excel files and "dreadful" web portals — to implementing indexing and information search via NLP machine learning models.

The product development process evolved from a flat ticketing system to a more structured model, with a focus on systematic operations (using selected Shape Up methodologies, if you're a product development nerd too).

Even with Metosin in Finland and the Repliance team a full 8-hour workday behind in Chicago, a shared sense of camaraderie and purpose made the distance feel smaller. Yes, the daily work was on different timezones, but parts of the teams on both sides also travelled, to Chicago and to Finland, to see in person to give strength to work remotely.


The Repliance and Metosin teams were able to create a framework that takes in client security data, refines it and uses it to select efficient, accurate answers. This, along with expert personnel and the technological tools put at their fingertips, has enabled Repliance to gain a true competitive edge in both response times and accuracy of VSQ responses. The things their customers appreciate - and benefit from - the most.

From the Client

"Metosin was one of the founding components of Repliance.

Their team members helped turn our ideas and concepts into tangible tools. Metosin not only helped us create software but also establish processes and core practices like quarterly retrospectives. Their many contributions will always be a part of our culture and company."

- Ewa Jodlowska
Co-founder and CEO, Repliance

want to know more? get in touch!

Related cases

We'd love to hear from you