I'm head of engineering at a ~70 people B2B startup and man I HATE these things with a passion. I get one almost every other week and yes, they are indeed 200+ questions. Even after you are PCI, SOC2, ISO27001, etc. compliant, some companies REQUIRE you to fill these things. It is a HUGE pain and a time-consuming chore.
You sound like you should talk to us and get your time back :)
A lot of auditors make it seem like once you have your SOC2 or ISO27001 certification you'll be free from these forever, but our finding is that it might get you out of 20% of these at best, and for the rest it's basically table stakes.
I work for a reasonably large corporate in regulated space holding client data, and yeah, our infosec are regularly sending security questionnaires. They go to new vendors, or existing vendors when we plan to purchase something new from them. I believe they’re reviewed periodically as well.
No one likes wasting time filling out forms, but in large businesses, there's a need to ensure the whole service (incl. subcontractors/vendors/data processors) are operating properly. So yeah, some confirmation is needed... 200-page docs though? Geez. I think ours is ~15.