Secure Controls Framework
Download The SCF
SCRM/C-SCRM

What is a vendor risk questionnaire?

Direct Answer

A vendor risk questionnaire is a structured set of questions used to assess a third party's security practices. Common frameworks include the Standardized Information Gathering (SIG) questionnaire and the Cloud Security Alliance CAIQ. Questionnaires cover security governance, access management, data protection, incident response, and compliance certifications. Responses should be validated through evidence review, especially for high-risk suppliers.

Keep Exploring

Relevant Resources

References

Authoritative Sources