Self-assessments are definitely an option some companies use, but there is a middle ground between a full assessment conducted by the customer and a self-assessment. ISO, SOC2, etc. all provide what I would consider to be better than a simple self-assessment as they require a third-party audit. They aren't anywhere close to perfect but they are significantly better than a self-assessment IMHO. There are no guarantees, of course.
