CSA CAIQ-Lite responses live in spreadsheets that go stale, never get diffed between versions, and break formatting on every export. This library lets you author CAIQ as YAML, and validate it as such.

Every B2B SaaS company eventually has to fill out a CAIQ. If you sell to enterprise, you've probably filled out a dozen.
The current state of the art: someone copies last quarter's .xlsx into a new sheet, edits the cells that changed, and emails it to the prospect. Nobody knows what changed between v3 and v4. The schema drifts from the official CSA version. The export breaks Excel formatting in subtle ways that make security reviewers raise eyebrows.
@hailbytes/caiq-lite lets you treat your CAIQ as code instead.
```yaml
# responses.yaml
provider:
  name: Acme Inc
  contact: [email protected]
responses:
  AIS-01.1:
    answer: yes
    notes: |
      Application security training is required annually for all engineers.
      Completion is tracked in our LMS and audited each quarter.
  AIS-01.2:
    answer: yes
    notes: SAST runs on every PR via GitHub Actions.
```

```js
import { loadCAIQ, validate, diff, exportTo } from '@hailbytes/caiq-lite';

const caiq = await loadCAIQ('responses.yaml');

// Validate against the official CAIQ-Lite schema
const result = validate(caiq);
if (!result.valid) console.error(result.errors);

// Diff against last quarter's version
// (the path below is a placeholder for wherever the previous file lives)
const previousCAIQ = await loadCAIQ('responses-previous.yaml');
const changes = diff(previousCAIQ, caiq);
console.log(changes.added, changes.removed, changes.modified);

// Export to whatever the prospect actually wants
const pdf = await exportTo(caiq, { format: 'pdf' });
const xlsx = await exportTo(caiq, { format: 'xlsx' });
const md = await exportTo(caiq, { format: 'markdown' });
```

Because it diffs cleanly in git, your trust center can render it as a static site, your CI can validate it on every PR, and you stop emailing spreadsheets.
```
npm install @hailbytes/caiq-lite
```

Source: github.com/hailbytes/caiq-lite - MIT licensed.
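A dependency-free sketch of the added/removed/modified comparison between two versions of a CAIQ, as an added example that is not the @hailbytes/caiq-lite implementation: it takes two parsed `responses` maps and lists the changes a reviewer should look at first. The names `diffResponses` and `needsReview`, the `XYZ-*` control IDs and the sample data are constructed for illustration.

```javascript
// Added example, not the library's code. Inputs are plain objects shaped like
// the parsed `responses` map from responses.yaml.
function normalize(entry) {
  // YAML 1.1 parsers read a bare yes/no as a boolean; map it back to text.
  const raw = typeof entry.answer === 'boolean' ? (entry.answer ? 'yes' : 'no') : entry.answer;
  return {
    answer: String(raw).trim().toLowerCase(),
    // Collapse whitespace so re-wrapping a block scalar is not reported as a change.
    notes: String(entry.notes ?? '').replace(/\s+/g, ' ').trim(),
  };
}

function diffResponses(previous, current) {
  const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
  const changes = { added: [], removed: [], modified: [] };
  const ids = new Set([...Object.keys(previous), ...Object.keys(current)]);
  for (const id of [...ids].sort()) {
    if (!has(previous, id)) { changes.added.push(id); continue; }
    if (!has(current, id)) { changes.removed.push(id); continue; }
    const a = normalize(previous[id]);
    const b = normalize(current[id]);
    const fields = ['answer', 'notes'].filter((f) => a[f] !== b[f]);
    if (fields.length > 0) changes.modified.push({ id, fields, from: a.answer, to: b.answer });
  }
  return changes;
}

// Removed controls and answers that moved away from "yes" go to a reviewer first.
function needsReview(changes) {
  const downgraded = changes.modified
    .filter((m) => m.fields.includes('answer') && m.from === 'yes' && m.to !== 'yes')
    .map((m) => m.id);
  return [...downgraded, ...changes.removed].sort();
}

// Constructed sample data (XYZ-* IDs are placeholders, not real CAIQ controls).
const previousResponses = {
  'AIS-01.1': { answer: true, notes: 'Training is required annually for all engineers.' },
  'AIS-01.2': { answer: 'yes', notes: 'SAST runs on every PR via GitHub Actions.' },
  'XYZ-01.1': { answer: 'yes', notes: 'Placeholder control.' },
};
const currentResponses = {
  'AIS-01.1': { answer: 'yes', notes: 'Training is required annually\nfor all engineers.\n' },
  'AIS-01.2': { answer: 'no', notes: 'SAST is being migrated to a new runner.' },
  'XYZ-02.1': { answer: 'yes', notes: 'Placeholder control.' },
};

const sampleChanges = diffResponses(previousResponses, currentResponses);
console.log(sampleChanges, needsReview(sampleChanges));
```

In a CI job, a non-empty `needsReview` result is a reasonable condition for requiring a security reviewer's approval on the PR.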