Free Vendor Risk Assessment Questionnaire Template

A vendor risk management questionnaire is designed to help your organization identify potential weaknesses among your third-party vendors and partners that could result in a data breach, data leak or other type of cyber attack.

Use this free questionnaire template to inspire the design of your own questionnaire evaluating a vendor’s level of cyber threat resilience in the face of a global pandemic similar in scope to the COVID-19 pandemic.

Note: UpGuard offers a customizable pandemic questionnaire template that automatically detects cyber risks based on questionnaire responses. For the most dependable and scalable Vendor Risk Management program, it’s highly recommended to manage your vendor security questionnaires on a VRM platform like UpGuard.

Template for Evaluating Vendor Supply Chain Risk in a Pandemic Context

Each bullet point under a question indicates an input option for that question. Yes, No and Not Sure should be checkboxes, followed by a free text field for any further clarification.

Question 1: Do you have a business continuity plan in place?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 2: Have all of the critical functions of your business been identified?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 3: Have all key personnel responsible for ensuring business continuity been identified?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 4: Do all key personnel have clearly defined roles for ensuring continuity in the event of a business disruption?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 5: Do you have any crisis management teams in place?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 5a: If you answered Yes, are they aware of their responsibilities?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 6: How often are crisis scenarios simulated?

  • Not Sure
  • Free Text Field

Question 7: Was your business impacted by the COVID-19 Pandemic?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 7a: If you answered Yes, explain the degree of impact.

  • Not Sure
  • Free Text Field

Question 7b: If you answered Yes, explain how your continuity plans have been adjusted to better cope with future similar events.

  • Not Sure
  • Free Text Field

Question 8: Do you have a pandemic plan?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 8a: If you answered Yes, has this plan ever been tested?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 8a(i): If you answered Yes, what was the maximum downtime you experienced during these tests?

  • Not Sure
  • Free Text Field

Question 8a(ii): If you answered Yes, what was the maximum degree of sensitive data impact experienced during these tests?

  • Not Sure
  • Free Text Field

Question 9: Are you aware of which of your products and services would be impacted by a potential pandemic?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 9(i): Would any of these disruptions impact your SLAs?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 10: Are you aware of which of your vendors would be most impacted by a pandemic?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 11: Are you aware of which of your vendors are most likely to suffer a security incident during a pandemic?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 12: Do you have a real-time monitoring solution for tracking cyber risks in your supply chain?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 13: Do you have response plans in place for when vendors in your supply chain suffer a data breach?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 13a: If you answered Yes, has this response plan been tested in a simulated incident?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 14: Were any of your current or previous service providers impacted by the Coronavirus pandemic?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 15: Are you aware of which regulations might be violated if a vendor suffers a data breach?

For example, GDPR, PCI DSS, HIPAA, etc.

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 16: Do you have a Third-Party Risk Management program in place?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 16a: If you answered Yes, is this program supported by a tool streamlining the entire TPRM workflow?

With features supporting secure onboarding, vendor risk assessment, regulation compliance (especially for heavily regulated industries like healthcare), dashboards tracking supply chain security postures, etc.

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 17: Do you manage any aspect of your security questionnaire process in Excel spreadsheets?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 18: Have you worked with stakeholders to develop a plan for responding to business disruptions during a pandemic?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 19: Have your employees been trained to properly respond to a pandemic?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 20: Are your employees aware of the increased risk of social engineering and phishing attacks during a pandemic?

Across multiple mediums, including SMS, social media, and social apps.

Question 20a: If you answered Yes, have your employees been equipped to mitigate these risks through threat awareness training?

With either in-person or digital training events (such as webinars and training videos).

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 20a(i): If you answered Yes, have these training events been accompanied by simulated phishing attacks to test their impact?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 21: Can your organization operate in a remote workforce model?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 21a: If you answered Yes, have all software and app integrations facilitating remote network connections been pen-tested?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 22: Do you use any survey software or survey templates for tracking the security risk of vendors in your supply chain?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 23: Do you have a Privileged Access Management system in place for limiting sensitive resource access in a remote workforce context?

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 24: Have you implemented a network segregation strategy for obfuscating sensitive resource access?

To contend with cyber threats likely to increase in ferocity during a pandemic, such as ransomware attacks.

  • Yes
  • No
  • Not Sure
  • Free Text Field

Question 25: Do you have any additional comments in relation to your level of pandemic preparedness?

  • Free Text Field
