[sverhagen]

I think this is the wrong answer. Of course you aren't liable, your value proposition shouldn't be shifting the liability, it should be just about shifting the bulk of the work. Any company worth their salt doesn't have one person working on RFPs or such, so you can help reduce the team, but your customer should still do a review. That way they still save money on the (more tedious) initial preparation, while still being in charge of the end result.

[joetheone]

What you describe is exactly what we do. Every single answer output by Stacksi is required to be explicitly approved by a member of our client's infosec team before it can be exported and used. Questions that we don't know the answer to or that we have taken an educated guess at are explicitly flagged as such and our reviewed together by our team and the questionnaire reviewer at the client.

I see Stacksi as giving our client's an extra pair of hands on their team to help with this tedious work. We're a jr. team member though, so our work needs to be checked over before being sent :)