Gold by MangoMagic

Cross-Functional · Template · Intermediate · Saves 25+ hours

Vendor Security Assessment

A template for assessing vendor security.

What's included

  • Assessment Questionnaire
    • Security program
    • Data protection
    • Access controls
    • Incident response
    • Business continuity
    • Compliance status
  • Risk Scoring
    • Risk assessment criteria
    • Scoring methodology
    • Threshold definitions
  • Ongoing Monitoring
    • Review cadence
    • Update triggers
    • Remediation tracking

Best used when

  • Evaluating new vendors
  • Annual vendor reviews
  • Compliance requirements
  • Risk assessments

Why this is Gold

Vendor security affects you. This assessment identifies risks.

The template

Vendor Security Questionnaire

VENDOR SECURITY ASSESSMENT

VENDOR: _______________
Assessment date: _______________
Assessed by: _______________

1. SECURITY PROGRAM
☐ Dedicated security team: ☐ Yes ☐ No
☐ Security policies documented: ☐ Yes ☐ No
☐ Security training: ☐ Yes ☐ No
☐ Background checks: ☐ Yes ☐ No

2. CERTIFICATIONS
☐ SOC 2 Type II: ☐ Yes ☐ No (Date: _____)
☐ ISO 27001: ☐ Yes ☐ No
☐ Other: _______________

3. DATA SECURITY
☐ Encryption at rest: ☐ Yes ☐ No
☐ Encryption in transit: ☐ Yes ☐ No
☐ Data location: _______________
☐ Data retention policy: ☐ Yes ☐ No

4. ACCESS CONTROL
☐ SSO/SAML support: ☐ Yes ☐ No
☐ MFA available: ☐ Yes ☐ No
☐ Role-based access: ☐ Yes ☐ No
☐ Access logging: ☐ Yes ☐ No

5. INCIDENT RESPONSE
☐ IR plan documented: ☐ Yes ☐ No
☐ Breach notification: ___ hours
☐ Past incidents (2 years): ☐ Yes ☐ No

6. BUSINESS CONTINUITY
☐ DR plan: ☐ Yes ☐ No
☐ RTO: _____
☐ RPO: _____
☐ Backup frequency: _______________

Vendor Risk Scoring

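| Category          | Weight | Score (1-5) | Weighted |
|-------------------|--------|-------------|----------|
| Security program  | 20%    |             |          |
| Data protection   | 25%    |             |          |
| Access control    | 20%    |             |          |
| Incident response | 15%    |             |          |
| Compliance        | 20%    |             |          |
| Total             | 100%   |             | /5       |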

Vendor Risk Tiers

| Score   | Risk Level | Action                  |
|---------|------------|-------------------------|
| 4.0-5.0 | Low        | Approve                 |
| 3.0-3.9 | Medium     | Approve with conditions |
| 2.0-2.9 | High       | Require remediation     |
| <2.0    | Critical   | Do not approve          |

Frequently asked questions

What is the Vendor Security Assessment?

A template for assessing vendor security.

Who is the Vendor Security Assessment for?

It is built for cross-functional teams working on security and compliance. The AI coach adapts it to your company, stage, and goals.

How long does the Vendor Security Assessment take to use?

It saves roughly 25+ hours versus building from scratch. Our AI coach can tailor the template to your situation in minutes, then hand you a step-by-step plan.

Is the Vendor Security Assessment free?

Yes. You can read the full template and start getting coached through it for free. Sign in to save your tailored version and track your next steps.

How does the AI coach help with the Vendor Security Assessment?

The coach teaches you the framework, asks a few questions about your business, tailors the template to you, and gives you measurable next steps to execute.