Vendor Risk Assessment Document

Technical Criteria

1. Data Security

Criteria                       | Description                                                                                   | Compliance (Yes/No) | Comments/Evidence
-------------------------------+-----------------------------------------------------------------------------------------------+---------------------+------------------
Data Encryption At Rest        | Customer data encrypted on disk and in backups; algorithm, key management, key rotation        |                     |
Data Encryption In Transit     | TLS 1.2 or later on all external and internal connections; certificate management; no plaintext fallback |          |
Access Controls                | Role-based, least-privilege access to customer data; MFA for privileged access; periodic access reviews |           |
Data Retention & Disposal      | Documented retention periods; secure deletion of data and media at contract end; destruction evidence on request |  |

2. Network Security

Criteria                       | Description                                                                                   | Compliance (Yes/No) | Comments/Evidence
-------------------------------+-----------------------------------------------------------------------------------------------+---------------------+------------------
Firewalls & Segmentation       | Perimeter and internal firewalls with default-deny rules; production, customer data and corporate networks segmented |  |
Intrusion Detection/Prevention | Network and host IDS/IPS or equivalent monitoring; alerts reviewed and acted on              |                     |
Remote Access Security         | VPN or zero-trust access with MFA; no management ports exposed directly to the internet; sessions logged |       |

3. Application Security

Criteria                       | Description                                                                                   | Compliance (Yes/No) | Comments/Evidence
-------------------------------+-----------------------------------------------------------------------------------------------+---------------------+------------------
Secure Development Practices   | Secure SDLC: code review, static and dependency scanning, secrets management; developer security training |     |
Vulnerability Management       | Regular scanning; remediation SLAs by severity; patch cadence for OS, middleware and third-party components |    |
Penetration Testing            | Independent test at least annually and after major change; findings remediated; summary report available |      |

4. Compliance & Certifications

Criteria                       | Description                                                                                   | Compliance (Yes/No) | Comments/Evidence
-------------------------------+-----------------------------------------------------------------------------------------------+---------------------+------------------
ISO 27001                      | Current certificate; certified scope covers the services provided to us; Statement of Applicability on request |  |
SOC 2                          | Type II report covering the relevant Trust Services Criteria; exceptions reviewed; bridge letter if report is older than the period |  |
GDPR Compliance                | Data processing agreement in place; lawful mechanism for international transfers; sub-processor list; support for data subject requests |  |

5. Incident Response

Criteria                       | Description                                                                                   | Compliance (Yes/No) | Comments/Evidence
-------------------------------+-----------------------------------------------------------------------------------------------+---------------------+------------------
Incident Response Plan         | Documented plan with roles, severity levels and escalation paths; exercised at least annually |                     |
Notification & Escalation      | Contractual notification timeline for incidents affecting our data; named contacts on both sides |                  |
Past Incidents                 | Security incidents or breaches in the last three years, their impact on customers and remediation taken |         |

6. Business Continuity & Disaster Recovery

Criteria                       | Description                                                                                   | Compliance (Yes/No) | Comments/Evidence
-------------------------------+-----------------------------------------------------------------------------------------------+---------------------+------------------
BC/DR Plans                    | Documented plans with RTO and RPO targets for the service provided to us; alternate site or region |                |
Backup Frequency               | Backup schedule and retention; off-site or immutable copies; backups encrypted                |                     |
Testing and Review             | Restore tests and DR exercises at least annually; plans reviewed after significant change     |                     |

Other Notes