IT Supplier Compliance Questionnaire
Supplier Information
Company Name
Contact Person
Contact Email
Contact Phone
General Compliance
Are you compliant with relevant data protection laws (e.g., GDPR)?
Yes
No
Do you have an Information Security Management System (ISMS) in place?
Yes
No
Please list any relevant security/compliance certifications (e.g., ISO 27001, SOC 2):
Data Security
Do you encrypt data at rest and in transit?
Yes
No
Are regular data backups performed?
Yes
No
Describe your incident management process:
Access Control
Do you have role-based access controls (RBAC) implemented?
Yes
No
Is multi-factor authentication (MFA) required for access?
Yes
No
Subcontractors & Third Parties
Do you use any subcontractors or third-party vendors?
Yes
No
If yes, briefly describe your third-party risk management process:
Additional Comments
Please provide any other relevant information or comments: