Third-Party Vendor Security Assessment Questionnaire

Vendor Information

Vendor Name Contact Person Email Address Phone Number

General Security

Do you have any security certifications (e.g., ISO 27001, SOC 2)? If yes, please list them. Does your organization have a documented information security policy? Yes No How often is the policy reviewed and updated?

Data Protection

Is data encrypted in transit and at rest? Yes No Where is client data stored (geographical location)? Who has access to client data?

Access Control

How is access to systems and data granted, managed, and revoked? Is Multi-Factor Authentication (MFA) enforced for user access? Yes No

Incident Response

Do you have an incident response plan in place? Yes No How soon are clients notified in the event of a breach?

Compliance

Which regulations or laws does your solution comply with (e.g., GDPR, HIPAA)?

Additional Comments