You Completed a Standard Vendor Questionnaire—Now What?

October 21, 2021

For many InfoSec teams, the day-to-day processes of receiving vendor questionnaires, completing assessments, and sending them back can feel highly repetitive. After all, most vendor questionnaires—especially if they are using standard assessments—ask the same questions repeatedly. Until now, securely storing these answers, keeping them up-to-date and correct, and seamlessly accessing and sharing with new vendors has been impossible.

Today, however, InfoSec teams can leverage automated solutions and robust security networks to streamline the vendor risk management process and make the most out of standard questionnaires and assessments. Here are three critical next steps after completing a standard vendor questionnaire:

1. Share the completed questionnaire with the vendor. 

Once a standard questionnaire is complete, any InfoSec team's first test is sharing it securely with the vendor. While an encrypted email, a secure link to an online shared folder, or FTP may be acceptable, your security controls are at risk, so the questionnaire should be shared as securely as possible.

2. Grant access to any internal stakeholders who may need visibility. 

Internally, procurement team members, salespeople, and other stakeholders may need access to the answers your team submitted to the new vendor. If your team used a simple spreadsheet or table to track your answers, granting access to the questionnaire may open up the document to unauthorized access, updates, or edits.

3. Save and reuse the answers for additional questionnaires. 

After completing a standard vendor questionnaire, one of the most essential things any InfoSec team should do is reuse the answers later. Of course, minor updates or edits will most likely be required by the next time your team accesses the information, which means that however your team stores its answers, they need to be quick and easy to change as needed.

 

Streamline the vendor risk management process with Whistic

How can your team seamlessly share questionnaires without risking security, increase transparency with stakeholders, and reuse your hard work? With Whistic, your team can automate vendor assessments, share documentation, and securely update past questionnaires—without risking security or privacy.

The Whistic Profile allows InfoSec teams to compile standard questionnaires, assessments, and additional documentation in a single place and then easily share requested information with vendors. Since the Whistic Profile is built on a secure cloud-based platform, your team doesn’t have to worry about granting access or securely sharing via encrypted email. Internal resources can also access the same link for visibility.

With extensive access controls, the Whistic Profile can only be updated by those with the proper credentials, which means that your team—and your vendors—are always looking at the most up-to-date, correct information in your profile. So, your InfoSec team can answer a questionnaire and then share the answers over and over—all while knowing your information is correct and up-to-date with your newest security control information.

You can learn more about the Whistic Profile and get started here.


About the author

Whistic

The latest insights and updates on information security and third party risk management.
