Questionnaire
A questionnaire, in vendor management, is a structured means of obtaining consistent information, enabling more effective risk analysis and comparison.
- help assess a vendor’s security posture, identify vulnerabilities, and evaluate their capabilities
- provide a structured means of
  - obtaining consistent vendor information
  - enabling more effective risk analysis and comparison, fairly and consistently
- collect information about the vendor’s:
  - security policies
  - procedures
  - and controls
  - including data protection, access management, incident response, and disaster recovery
- should be validated by:
  - supporting documentation
  - site visits and audits
  - background checks
  - contacting references
  - and utilizing third-party verification services