A vendor security questionnaire collects information about the security a vendor provides for cloud-based applications that customers use to process customer payments. Customers send these questionnaires to vendors to learn about the vendor's information security controls, including physical security, data encryption, and procedures for handling electronic media.

Vendor Security Questionnaire Sample

Name of Vendor: ___________________________________________

Address of the vendor: ______________________________________

City: ________________ State: ___________________  Zip: _________________

Telephone: ____________________  Fax: ____________________________

Website: ______________________________  Email: _______________________________

Q1. What are the standard networking arrangements offered?


Q2. Have you appointed a Manager or a Security Coordinator at each of your company locations?

a)   Yes

b)   No

Q3. Do the applications you offer support an enterprise identity management system? If yes, please indicate the type, such as Kerberos, LDAP, etc.


Q4. Which of the following servers are offered by you?

a)   Web servers

b)   FTP servers

c)   Application servers

d)   Database servers

e)   Name servers

f)   Mail servers

g)   File servers

h)   Print servers

i)   Terminal servers

Q5. Which of the following communication requirements between client and server are offered by you?

a)   Protocols

b)   IP ports

c)   Typical bandwidth per client

d)   Data structure

e)   Data size

f)   Message delivery guarantee

g)   Client environment control

h)   Cross-platform client support

Q6. What methods of end-user or client authentication, identification, and authorization does your application offer?


Q7. If your application employs data encryption, please specify the following:

a)   Encryption algorithm

b)   Type of network encryption

c)   Type of storage encryption

Q8. Are the following functionalities available with your applications?

a)   Access from outside the LAN                 Yes | No

b)   Remote access by system administrator      Yes | No

c)   Remote access by vendor for maintenance    Yes | No

d)   Storage of application passwords           Yes | No

e)   Security safeguards                        Yes | No

f)   Unauthorized access prevention             Yes | No

Q9. Can you provide references from some of your existing customers? If yes, please provide their details:

a)   Customer #1: ____________________________________________________

b)   Customer #2: ____________________________________________________

c)   Customer #3: ____________________________________________________