Vendor Security Questionnaire
A vendor security questionnaire collects information about the security a vendor provides for the cloud-based applications its customers use to process customer payments. Customers send these questionnaires to learn about a vendor's information security controls, including the vendor's physical security, data encryption, and procedures for handling electronic media.
Vendor Security Questionnaire Sample
Name of Vendor: ___________________________________________
Address of the vendor: ______________________________________
City: ________________ State: ___________________ Zip: _________________
Telephone: ____________________ Fax: ____________________________
Website: ______________________________ Email: _______________________________
Q1. What are the standard networking arrangements offered?
Q2. Have you appointed a Manager or a Security Coordinator at each of your company locations?
Q3. Is an enterprise identity management system supported by the applications you offer? If yes, please indicate the type (Kerberos, LDAP, etc.).
Q4. Which of the following servers are offered by you?
a) Web servers
b) FTP servers
c) Application servers
d) Database servers
e) Name servers
f) Mail servers
g) File servers
h) Print servers
i) Terminal servers
Q5. Which of the following communication requirements between client and server are offered by you?
b) IP ports
c) Typical bandwidth per client
d) Data structure
e) Data size
f) Message delivery guarantee
g) Client environment control
h) Cross platform client support
Q6. What methods of end-user or client authentication, identification, and authorization are offered by your application?
Q7. If your application employs data encryption, please answer the following:
a) Encryption algorithm
b) Type of network encryption
c) Type of storage encryption
Q8. Are the following functionalities available with your applications?
a) Access from outside the LAN Yes | No
b) Remote access by system administrator Yes | No
c) Remote access by vendor for maintenance Yes | No
d) Storage of application passwords Yes | No
e) Security safeguards Yes | No
f) Unauthorized access prevention Yes | No
Q9. Can you provide references from some of your existing customers? If yes, please provide their details:
a) Customer #1: ____________________________________________________
b) Customer #2: ____________________________________________________
c) Customer #3: ____________________________________________________