Welcome to Scribd!

Skip carousel

VENDOR Risk Assessment Questionnaire

Uploaded by

mit global solutions

0% found this document useful (0 votes)

87 views2 pages

Original Title

Vendor Risk Assessment v10

Copyright

Available Formats

DOCX, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

87 views2 pages

VENDOR Risk Assessment Questionnaire

Uploaded by

mit global solutions

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 2

Search inside document

Vendor Risk Assessment v1.

0 <Insert Entity Logo>

Procurement to incorporate this section in every RFP / RFQ released, based on the applicability of Vendor Risk
Assessment Process. Obtain this information from vendor and evaluate the risk score pertaining to Information
Security requirements.

Instructions:

 Please complete the following questionnaire.

 For any queries or details required, please describe in Justification/Comments Section OR mention at the end of
the questionnaire OR attach documentation with the required information.
 Mention Not Applicable wherever relevant, with appropriate justifications or comments.

Note: Vendor has to comply with minimum ----- % of the below Mandatory Questionnaire to be eligible to pass the
technical evaluation process.

Vendor Risk Assessment Questionnaire

Risk Assessment Categories Compliance Justification / Comments

Status
Yes No
Mandatory Requirements

1. Does your Organization have Information security ☐ ☐

(IS) policy, which is approved by your management,
published and communicated to all employees? Are IS
Policies reviewed on an ongoing basis?

2. Do you sign Confidentiality or non-disclosure ☐ ☐

agreements with your company employees and/or
third party personnel, as employed or engaged by
your company?

3. Is security requirements such as background ☐ ☐

verifications, information security awareness, etc. are
addressed for all employees and third party
personnel?

4. Are security roles and responsibilities documented and ☐ ☐

communicated to all employees and third parties
through appropriate Information Security awareness
training and regular updates?

5. Are responsibilities for the protection of customer ☐ ☐

information/assets, and Organizational
information/assets clearly defined?

Desired Requirements
Vendor Risk Assessment v1.0 <Insert Entity Logo>

1. Does your Organization comply with the requirements ☐ ☐

of the ISO/IEC 27001:2013 Standard, and Certified
against those requirements? Are you aware of
ADHICS Standard requirements?

2. Is there an information classification scheme or ☐ ☐

guideline in place, which will assist in determining
how the information is to be handled and protected?
Are your employees, sub-contractors & third parties
made aware to adhere with such classification
schemes?
3. Is there a defined employee exit process, and is the ☐ ☐
employee exit process includes communication to
customers?
4. Are physical identification Badges provided to all ☐ ☐
employees and third party users working within the
Organization premises or at the client sites?
5. Do you follow a formal Change Management ☐ ☐
Procedure for implementing changes to information
processing facilities, assets or services offered to
customers?
6. Do you have a procedure for recording audit logs for ☐ ☐
user actions, exceptions, and information security
events?
7. Do you have a formal user registration and ☐ ☐
deregistration process for granting/revoking access to
information systems and services?
8. Do you have a password management requirements ☐ ☐
defined that enforces various password controls?

9. Do you have a security incident reporting process in ☐ ☐

place? Are employees aware of the requirements of
the process, and are trained to report security
weakness or events through defined channels as
quickly as possible?
10. Do you have Business Continuity Management (BCM) ☐ ☐
in place? Does your Business continuity planning
address the requirements of ensuring continuity of
services to your customers and business stakeholders?

Vendor’s authorized signature: Name_______

Vendor’s Stamp: ___________________Date_

We Need To Talk: 52 Weeks To Better Cyber-Security
From Everand
We Need To Talk: 52 Weeks To Better Cyber-Security
L. Brent Huston
No ratings yet
Access Control Policy: Technical
Document6 pages
Access Control Policy: Technical
aalmotaa
No ratings yet
Information Technology Audit Methodology:: Planning Phase
Document4 pages
Information Technology Audit Methodology:: Planning Phase
shakawath
No ratings yet
Cloud Computing Security Policy: Purpose
Document4 pages
Cloud Computing Security Policy: Purpose
Simone Giorgi
No ratings yet
IT Due Diligence Questionnaire
Document6 pages
IT Due Diligence Questionnaire
Sinh Trắc Vân Tay ENIX
No ratings yet
BCP Worksheet
Document15 pages
BCP Worksheet
Sushma Kishore
No ratings yet
ISMS Requirements
Document6 pages
ISMS Requirements
Wellington Watanabe Filho
100% (1)
SCIO Access Control
Document21 pages
SCIO Access Control
Sami Napoleon
No ratings yet
14 Domains of ISO 27001: Cybersecurity Career Launcher
Document9 pages
14 Domains of ISO 27001: Cybersecurity Career Launcher
Rohan
No ratings yet
ISMS Social Networking Policy
Document3 pages
ISMS Social Networking Policy
Amine Rached
No ratings yet
ISMS Wireless Network Policy
Document3 pages
ISMS Wireless Network Policy
Amine Rached
No ratings yet
ISO27k Controls Cross Check
Document6 pages
ISO27k Controls Cross Check
Christen Castillo
No ratings yet
Experiment 8: BCP-DR: Information Security 2019-20
Document6 pages
Experiment 8: BCP-DR: Information Security 2019-20
shubham
No ratings yet
IT Security
Document23 pages
IT Security
andreas butarbutar
No ratings yet
Privileged Access Management Best Practices
Document7 pages
Privileged Access Management Best Practices
Mathias Kupak
No ratings yet
Information Security Policy Template
Document7 pages
Information Security Policy Template
Ralph Ivan Bantiding Giducos
No ratings yet
Neupart Soa Template
Document5 pages
Neupart Soa Template
Saska Milenkovic
No ratings yet
Backup Policy 201803281526230244
Document4 pages
Backup Policy 201803281526230244
Tagalog, John Kevin
No ratings yet
It Policy
Document4 pages
It Policy
Roen Abe
No ratings yet
Security 101: Training, Awareness, and Strategies Stephen Cobb, CISSP Senior Security Researcher Eset Na
Document41 pages
Security 101: Training, Awareness, and Strategies Stephen Cobb, CISSP Senior Security Researcher Eset Na
Christen Castillo
No ratings yet
Change Management Policy
Document8 pages
Change Management Policy
Kamrul Hasan
No ratings yet
ISO 27001 - Operations
Document13 pages
ISO 27001 - Operations
Sasikala Mani
No ratings yet
Business Process Audit Guides IT Management
Document25 pages
Business Process Audit Guides IT Management
Julio Cubias
No ratings yet
Software Installation Policy
Document2 pages
Software Installation Policy
LinuxPower
No ratings yet
Data Center Physical Security Best Practices Checklist PDF
Document3 pages
Data Center Physical Security Best Practices Checklist PDF
aL Doom
No ratings yet
Ism Presentation Slides
Document13 pages
Ism Presentation Slides
nithi_123
No ratings yet
Access Control Models
Document35 pages
Access Control Models
Ankita Sharma
100% (1)
20 CIS Controls v7.0
Document12 pages
20 CIS Controls v7.0
gpo9141
No ratings yet
ISO IEC 27002 2013 A Complete Guide - 2021 Edition
From Everand
ISO IEC 27002 2013 A Complete Guide - 2021 Edition
Gerardus Blokdyk
No ratings yet
CSA Framework Policies Control Proc + Chpt11
Document44 pages
CSA Framework Policies Control Proc + Chpt11
RammyBrad
100% (1)
Internal Audit Report - Information Technology Risk Assessment
Document8 pages
Internal Audit Report - Information Technology Risk Assessment
Florence Nkosi
No ratings yet
Incident Management Policy Draft
Document4 pages
Incident Management Policy Draft
Derick Burton (Ben Sisco)
No ratings yet
ISO 27001:2013 Gap Analysis
Document8 pages
ISO 27001:2013 Gap Analysis
TSANIA MAULIDIA
No ratings yet
Audit Program - Business Continuity
Document3 pages
Audit Program - Business Continuity
globx
No ratings yet
Disaster Recovery Checklist
Document2 pages
Disaster Recovery Checklist
Chris
No ratings yet
ISO 27001 Risk Assessments: Five Steps To Success
Document8 pages
ISO 27001 Risk Assessments: Five Steps To Success
patil
No ratings yet
Iso 27001 Controls Checklist Template: 5. Information Security Policies
Document7 pages
Iso 27001 Controls Checklist Template: 5. Information Security Policies
Lyubomir Gekov
No ratings yet
Work Station Security
Document3 pages
Work Station Security
sp
No ratings yet
LogicManager SOC2 ComplianceChecklist
Document5 pages
LogicManager SOC2 ComplianceChecklist
Lakshman Kumar
No ratings yet
ISMS Supplier Security Policy
Document4 pages
ISMS Supplier Security Policy
Amine Rached
No ratings yet
Clear Desk and Clear Screen Policy
Document4 pages
Clear Desk and Clear Screen Policy
dhir.ankur
No ratings yet
ISO27k ISMS 9.2 Audit Exercise 2021 - Crib Sheet - English
Document5 pages
ISO27k ISMS 9.2 Audit Exercise 2021 - Crib Sheet - English
sungray
0% (1)
Toolkit I So 27001 Cross Referenced
Document9 pages
Toolkit I So 27001 Cross Referenced
Hooi Choon Yew
No ratings yet
Overview: Remote Access Policy
Document3 pages
Overview: Remote Access Policy
Hector G.
No ratings yet
Implementing An ISMS: The Nine-Step Approach
Document13 pages
Implementing An ISMS: The Nine-Step Approach
evilsasho
No ratings yet
Account Management Policy
Document5 pages
Account Management Policy
Lyman Mubukani
No ratings yet
Example/sample ISMS Scoping Statements
Document1 page
Example/sample ISMS Scoping Statements
A Chatterjee
No ratings yet
IS Audit Checklist in Excel
Document11 pages
IS Audit Checklist in Excel
Anand.Sonie
No ratings yet
BCP Testing Scenerios
Document7 pages
BCP Testing Scenerios
kavita_2910
No ratings yet
Information Classification and Management Policy Template
Document6 pages
Information Classification and Management Policy Template
Ahmed Alhassar
No ratings yet
ISO 27001 Checklist Template for Implementation Phases and Tasks
Document7 pages
ISO 27001 Checklist Template for Implementation Phases and Tasks
nils havnen
No ratings yet
Seven Steps To Creating An Effective Computer Security Incident Response Team
Document8 pages
Seven Steps To Creating An Effective Computer Security Incident Response Team
MarcosArauco
100% (1)
Risk Management Process ISMS PDF
Document1 page
Risk Management Process ISMS PDF
Anil V Oommen
No ratings yet
ISO 27001 Controls - Audit Checklist
Document9 pages
ISO 27001 Controls - Audit Checklist
paulo
No ratings yet
Information Systems Audit 2022
Document52 pages
Information Systems Audit 2022
Anthony Flores
No ratings yet
Vulnerability Management Policy Template For Control 7
Document17 pages
Vulnerability Management Policy Template For Control 7
Ivan Ninan
No ratings yet
10-Cisa It Audit - BCP and DRP
Document27 pages
10-Cisa It Audit - BCP and DRP
Hamza Naeem
No ratings yet
Information Systems Control and Audit Short Notes Hand Written
Document59 pages
Information Systems Control and Audit Short Notes Hand Written
Anonymous wdYmmpTwk
100% (1)
ISMS-105 - Bring Your Own Device Policy V2.0
Document7 pages
ISMS-105 - Bring Your Own Device Policy V2.0
O Google
No ratings yet
ISO IEC 27001 Lead Implementer A Complete Guide - 2020 Edition
From Everand
ISO IEC 27001 Lead Implementer A Complete Guide - 2020 Edition
Gerardus Blokdyk
No ratings yet
Risk Management Is Important For Every Organization
Document4 pages
Risk Management Is Important For Every Organization
mit global solutions
No ratings yet
Clinicians, Administrative Teams, Financial Teams, IT Departments
Document1 page
Clinicians, Administrative Teams, Financial Teams, IT Departments
mit global solutions
No ratings yet
Clinicians, Administrative Teams, Financial Teams, IT Departments
Document1 page
Clinicians, Administrative Teams, Financial Teams, IT Departments
mit global solutions
No ratings yet
RIA Topic 2 Quiz 13.8.21 Answer
Document2 pages
RIA Topic 2 Quiz 13.8.21 Answer
mit global solutions
No ratings yet
Introduction to Statistics and SPSS Data Entry
Document22 pages
Introduction to Statistics and SPSS Data Entry
mit global solutions
No ratings yet
Dr. Md. Abdus Salam Akanda Professor Department of Statistics University of Dhaka: Mobile: 01620-964148
Document3 pages
Dr. Md. Abdus Salam Akanda Professor Department of Statistics University of Dhaka: Mobile: 01620-964148
mit global solutions
No ratings yet
Political Ecology of the Peasant Faraizi Movement
Document2 pages
Political Ecology of the Peasant Faraizi Movement
mit global solutions
No ratings yet
Chapter 3.1
Document2 pages
Chapter 3.1
mit global solutions
No ratings yet
The Bengal Delta Ecology, State and Social Change, 1840-1943
Document3 pages
The Bengal Delta Ecology, State and Social Change, 1840-1943
mit global solutions
No ratings yet
Name: Dr. Moinuddin Ahmed, ID: 2161051004 Book Review
Document2 pages
Name: Dr. Moinuddin Ahmed, ID: 2161051004 Book Review
mit global solutions
No ratings yet
Thesis Proposal Presentations Outline STUDENT
Document1 page
Thesis Proposal Presentations Outline STUDENT
Nathanniel Pogado Gonzales
No ratings yet
Chapter 1
Document3 pages
Chapter 1
mit global solutions
No ratings yet
Rule 15-Motions PDF
Document5 pages
Rule 15-Motions PDF
wuplawschool
No ratings yet
Lec - 20 On GPSC RTO Class 2 & 3 Acts/Rules/Guideline/Institute/Judgements
Document22 pages
Lec - 20 On GPSC RTO Class 2 & 3 Acts/Rules/Guideline/Institute/Judgements
Have
No ratings yet
Sendas - La Senda Del Daimyo (Extracto) (Inglés)
Document8 pages
Sendas - La Senda Del Daimyo (Extracto) (Inglés)
juan luis Garcia
No ratings yet
Transpo 1a Heirs of Jose Marcial K. Ochoa v. G.& S Transport Corp.
Document27 pages
Transpo 1a Heirs of Jose Marcial K. Ochoa v. G.& S Transport Corp.
Rozaiine
No ratings yet
Class-2-3rd Term-Mathematics
Document14 pages
Class-2-3rd Term-Mathematics
Habibur Rahman
No ratings yet
Senator Imee Marcos PDF
Document10 pages
Senator Imee Marcos PDF
Mark Catipon
No ratings yet
Critical Success Criteria and Success Factors in Project Management: A Quest To Enhance Generic Professional Practice
Document15 pages
Critical Success Criteria and Success Factors in Project Management: A Quest To Enhance Generic Professional Practice
sajid umer
No ratings yet
Last Will and Testament of Nyki Bacolong
Document7 pages
Last Will and Testament of Nyki Bacolong
Nyki Bacolong
No ratings yet
Ethics For IT Workers and IT Users Lec 3: Instructor: Seemal Afza Seemal - Afza@ucp - Edu.pk
Document38 pages
Ethics For IT Workers and IT Users Lec 3: Instructor: Seemal Afza Seemal - Afza@ucp - Edu.pk
Muhammad Asad Bilal Arif
No ratings yet
Sps. Pacquiao Vs CTA Digest
Document10 pages
Sps. Pacquiao Vs CTA Digest
Cyrus
67% (3)
European Company Law Vicari
Document342 pages
European Company Law Vicari
Vykintas Balsevičius
No ratings yet
Socialist Tentacles in Alberta Education: H. C. Newland, Supervisor of Schools
Document2 pages
Socialist Tentacles in Alberta Education: H. C. Newland, Supervisor of Schools
Michael Wagner
No ratings yet
Overgeneralization Errors in EFL Writing
Document16 pages
Overgeneralization Errors in EFL Writing
ksatria gotham
No ratings yet
47 Gabin vs. Melliza
Document1 page
47 Gabin vs. Melliza
Goody
No ratings yet
Veer Petitioner
Document19 pages
Veer Petitioner
priyanka
100% (1)
Finance Department: Section Officer Admn
Document438 pages
Finance Department: Section Officer Admn
Ram Reddy
No ratings yet
Mighty Corporation
Document2 pages
Mighty Corporation
Harold Sargado Lascuña
No ratings yet
Short Notes of House Property
Document3 pages
Short Notes of House Property
utsav
No ratings yet
Ma Political Science Books in Urdu
Document2 pages
Ma Political Science Books in Urdu
Nadir Khan
No ratings yet
Ethnic Conflicts in Nigeria: A Study of Tiv Jukunsocio Economic Perspective
Document7 pages
Ethnic Conflicts in Nigeria: A Study of Tiv Jukunsocio Economic Perspective
Ezeolu Promise
No ratings yet
Agriculture Bill: House of Lords Delegated Powers and Regulatory Reform Committee 34th Report of Session 2017-19
Document10 pages
Agriculture Bill: House of Lords Delegated Powers and Regulatory Reform Committee 34th Report of Session 2017-19
ECRAFTY
No ratings yet
RDO No. 30 - Binondo
Document201 pages
RDO No. 30 - Binondo
Be Young
No ratings yet
Bhaskaran VS Sankaran PDF
Document7 pages
Bhaskaran VS Sankaran PDF
umar
No ratings yet
Quality in The Constructed Project: Designer's Viewpoint: F. Fox
Document3 pages
Quality in The Constructed Project: Designer's Viewpoint: F. Fox
Moe San
No ratings yet
Types of GST Assessment
Document19 pages
Types of GST Assessment
Amit Gupta
No ratings yet
Design With Operational Amplifiers and Analog Integrated Circuits 4th Edition Sergio Franco Solutions Manual
Document28 pages
Design With Operational Amplifiers and Analog Integrated Circuits 4th Edition Sergio Franco Solutions Manual
pseudolatakia.drbn
100% (19)
Reconstructions - Amalgamation, Mergers, Takeovers
Document5 pages
Reconstructions - Amalgamation, Mergers, Takeovers
masiga maurice
No ratings yet
VI REVISED CORPORATION MCQs
Document30 pages
VI REVISED CORPORATION MCQs
Dan Di
No ratings yet
Aznar vs. COMELEC G.R. No. 83820
Document2 pages
Aznar vs. COMELEC G.R. No. 83820
theresa
No ratings yet
Capitol Wireless V Prov Treasurer
Document13 pages
Capitol Wireless V Prov Treasurer
Duffy Duffy
No ratings yet