IoT Device Vendor Risk Assessment Sheet

General Information

Vendor Name:
Assessment Date:
Product/Device Name:
Version/Firmware:
Assessor(s):

Vendor Security Practices

| Criteria | Assessment | Notes |
|---|---|---|
| Security Certifications (e.g., ISO 27001) | | |
| Vulnerability Disclosure Policy | | |
| Regular Security Updates Provided | | |
| Secure Development Lifecycle (SDL) | | |

Device Security Features

| Feature | Assessment | Notes |
|---|---|---|
| Authentication Mechanisms | | |
| Encryption of Data in Transit | | |
| Encryption of Data at Rest | | |
| Logging & Monitoring Capabilities | | |
| Firmware Update Mechanism | | |
| Default Credentials Removed | | |

Supply Chain & Support

| Criteria | Assessment | Notes |
|---|---|---|
| Geographic Origin of Components | | |
| Third-Party Software Dependencies | | |
| End-of-life Policy | | |
| Vendor Support & Responsiveness | | |

Overall Risk Assessment

Risk Level:
Summary Comments: