Vendor Compliance Questionnaire - Encrypted
Vendor Compliance Questionnaire
Page:
1 of 4
Vendor Name:
Legal Name (if different than vendor name)
Company Information
1. Mailing Address: (Street 1)
(Street 2)
(City)
(State)
(Zip Code)
(Country)
2. Please provide contact information for general inquiries related to this engagement.
    ✔ Email:
    ✔ Phone:
    URL:
Proprietary
All printed copies are uncontrolled
Revision: 1.3
4 – 5 years
7+ years
Indefinitely
5. Do you have a documented and tested Access Control Policy in place for granting, revoking, handling and documenting access control?
    Yes, the policy was reviewed within the last year.
    Yes, the policy was reviewed over a year ago.
    No, there is no policy or plan in place.
6. Which of the following safeguards do you have to limit resource access to client data?
    Written policies
    Role-based access limitations
    Confidentiality agreements
    Periodic privacy and security training
    Removal of access upon contract termination
    Workstation/device security
    Password enforcement
    None
    Other: None
Operations
1. Do you have a documented and tested Incident Response Plan in place?
    Yes, the plan was reviewed within the last year.
    Yes, the plan was reviewed over a year ago.
    No, there is no plan in place.
    *Please submit a copy of your current Incident Response Plan.
2. Have you ever experienced a cybersecurity incident or data breach? This includes network, systems, software, etc.
    Yes, over 1 year ago.
    Yes, less than 1 year ago.
    No.
1. Do you have a documented and tested Business Continuity and/or Disaster Recovery Plan in place?
    Yes, the plan was reviewed within the last year; attached is a copy.
    Yes, the plan was reviewed over a year ago; attached is a copy.
    No, there is no plan in place.
    *Please submit a copy of your current Business Continuity and/or Disaster Recovery Plan.
2. Do you have documented roles, responsibilities and authorities that have been communicated to all relevant parties within your organization in case of a disruptive incident?
    Process is captured in the Business Continuity Plan
    Process Description:
Signature: Date:
Name: Title: Email:
If you have any questions or concerns regarding this questionnaire, please email
Privacy Policy
Data Retention and Destruction Policy
Business Continuity Policy
Disaster Recovery Policy
Incident Response Plan