Devanha
Viewer

RFP Security Assessment

Hi,

Can anyone point me in the direction of a good source of vendor assessment templates? I need to create a set and I'm struggling with writer's block. I'm looking for something that can get me started. This is for general security questions, not just GDPR.

Thanks in advance,

Mark Mair

2 Replies
Chuxing
Community Champion

I would probably start with security policies, both on your side and on the vendor side.

Perhaps the next thing is compliance, again on your side and on the vendor side.


____________________________________
Chuxing Chen, Ph.D., CISSP, PMP
emb021
Advocate I

Not seen anything free.

Most of what I have seen have been questionnaires along the lines of ISO27001 controls, making sure that there are policies in place and the like.

Many questionnaires will ask for third party reports, such as SOC 1 & 2 reports (in the US), ISO27001 assessment or certification, HIPAA assessment (if healthcare), etc.

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, CIST, CIGE, ISSA Fellow