The vendor security and assessment questionnaire template is an in-depth questionnaire used to onboard a new vendor or evaluate an existing one. It was created by vendor management and sourcing specialists and can be tweaked to collect the data you need to assess whether a vendor fits your organization's plans and what its security policies are. The template consists of vendor-identifying questions as well as survey questions that collect in-depth data about the vendor's data management policies, its methods for safeguarding personally identifiable information (PII), its proactive and reactive security policies, and its specific policies for managing user data, such as GDPR compliance.
Vendor Assessment

Company name
Date of establishment
Registered address
Trading address (if different from the registered address)
Telephone
Fax
Company registration number
Company VAT number
Company D&B number
What is the legal status of your organization?
Please state your revenue for the last year:
Please state your revenue for the last 3 years:

Vendor Security

Name of application being provided
Description of application being provided
What is the technology stack for the application? Select all that apply:
The services you run are provided from:
What is your software delivery method?
Please state the access methods to your application:
Do you use unit tests or similar tests for your internal production testing?
Please state your agreement with the below statements:
How long do you store user data for?
How do you deploy product or service upgrades?
Please state your level of security preparedness.
Is there an escalation matrix for any security breaches?
For the provision of services, do you follow country/region-specific security policies to manage user data and personally identifiable information (PII)?
Are you GDPR compliant?
Do you have a formal Information Security Program (InfoSec SP) in place?
Do your information security and privacy policies align with any of the below industry standards?
Please state your policies on proactive security.
Please state your policies on reactive security.
Please state your policies on customer-facing application security.
Is there any other feedback you would like to provide?