Annual Vendor Security Questionnaire Template
Use this questionnaire to assess the third-party vendors your company relies on. It is especially important for vendors that process, store, or access customer data. Ask vendors to complete it annually to demonstrate continued compliance with your expectations for confidentiality, security, and operational integrity.
| Question | Purpose | Notes |
|---|---|---|
1. Do your employees sign NDAs or confidentiality agreements? | Ensure sensitive data is contractually protected | Upload sample NDA if available |
2. Do you conduct background checks on employees with system access? | Validate integrity of personnel | State whether this is done pre-hire or post-hire |
3. Do employees receive security awareness training annually? | Reduce risk of human error | List training platform or method used |
4. Do you maintain access control policies for internal systems? | Confirm least privilege access is enforced | Optional: share access matrix |
5. How do you handle terminated employee/system access? | Ensure access revocation processes exist | Attach offboarding checklist if available |
6. Do you encrypt customer data at rest and in transit? | Confirm use of standard encryption practices | Specify protocols or technologies used |
7. Do you have a documented incident response plan? | Gauge preparedness for security incidents | Optional: upload a redacted version |
8. Have you experienced a security breach in the past 12 months? | Transparency on history and disclosure practices | Describe how it was handled if applicable |
9. Are you SOC 2, ISO 27001, or GDPR compliant? | Identify maturity level and regulation alignment | Upload reports or attestations if available |
10. Who can we contact in case of a security concern? | Establish point of contact for escalation | Name, title, and email required |