We have a SOC2 report type II, and security questionnaires/meetings are still there. Once we had a security questionnaire from a potential customer, took a glance at it, told the customer "hey you can find all of the answers in our SOC2 report and in our CAIQ (CSA)", they told us to still fill the questionnaire...