A vendor risk questionnaire is a structured set of questions used to assess a third party's security practices. Common frameworks include the Standardized Information Gathering (SIG) questionnaire and the Cloud Security Alliance CAIQ. Questionnaires cover security governance, access management, data protection, incident response, and compliance certifications. Responses should be validated through evidence review, especially for high-risk suppliers.
Keep Exploring