БЕСПЛАТНАЯ УЧЕТНАЯ ЗАПИСЬ
Шаблоны опросов Опросы для корпоративных клиентов (B2B) Vendor Security and Assessment Sample Questionnaire Template

Vendor Security and Assessment Sample Questionnaire Template

The vendor security and assessment questionnaire template is an in-depth questionnaire that is used to bring on or evaluate an existing vendor. This questionnaire has been created by vendor management and sourcing specialists and can be tweaked to collect important data about a vendor that can help to assess if the vendor fits into your organization's plans and what are their security policies. This survey template consists of vendor identifying questions as well as other survey questions that collects in-depth data about their data management policies, methods to safeguard personally identifying information (PII), proactive and reactive security policies and specific policies to manage user data like GDPR compliance.


Vendor Assessment
Company name
Date of establishment
Registered address
Trading address (if different from the registered address)
Telephone
Fax
Company registration number
Company VAT number
Company D&B number
What is the legal status of your organization?
Please state your revenue for the last year:
Please state your revenue for the last 3 years: 
Vendor Security
Name of application being provided
Description of application being provided
What is the technology stack for the application? Select all that apply:
The services you run are provided from:
What is your software delivery method?
Please state the access methods to your application:
Do you use unit tests or similar tests for your internal production testing?
Please state your agreement with the below statements:
Strongly disagree
Disagree
Neutral
Agree
Strongly agree
We maintain process documents
We maintain design flow documents
We maintain data flow documents
We maintain data architecture documents
We encrypt all of the user data
We have a methodology to process and protect personally identifiable data
We conduct internal audits
We conduct third-party external audits
We have processes and procedures in place to deal with security incidents
We have clearly defined network guidelines
Strongly disagree
Disagree
Neutral
Agree
Strongly agree
We maintain a fixed backup cycle
We have a review policy for physical and environmental exigencies
How long do you store user data for?
How do you deploy product or service upgrades?
Please state your level of security preparedness
Is there an escalation matrix for any security breaches?
For the provision of services, do you follow country/region specific security policies to manage user data and personally identifying information (PII)?
Are you GDPR compliant?
Do you have a formal Information Security Program (InfoSec SP) in place?
Do your information security and privacy policies align with any of the below industry standards?
Please state your policies on proactive security?
Please state your policies on reactive security?
Please state your policies on customer facing application security?
Is there any other feedback you would like to provide?