IT Supplier Security Evaluation Template
Supplier Company Name
Contact Person
Email
Phone
Service(s) Provided
Security Certifications (e.g., ISO 27001, SOC 2)
Data Protection & Privacy Policy Details
Access Controls
Role-based
User-based
None
Encryption In Use
At rest and in transit
Only in transit
Only at rest
Not used
Vulnerability Management Process
Incident Response Plan Availability
Yes
No
Third-party Risk Management Procedures
Notes / Additional Comments
Evaluation Criteria
Criteria
Score (1-5)
Comments
Security Controls
Compliance
Incident Response
Data Protection
Reputation & References