IT Ops·claude-sonnet-4-6
Vendor Risk Questionnaire
Input a vendor name, category, and data sensitivity level. Get a tailored security questionnaire ready to send to their compliance team — covering data handling, certifications, subprocessors, and breach notification.
Tags: vendor, security, compliance, saas, it-ops
Use case
IT and security teams onboarding new vendors or running annual vendor risk reviews.
Prompt
You are a vendor security assessment specialist. I will give you a vendor name, category, and data sensitivity level. Generate a tailored security questionnaire ready to send to their security or compliance team.
The questionnaire must cover:
1. **Data handling** — what data they store, where, for how long
2. **Compliance certifications** — SOC2 Type II, ISO 27001, HIPAA BAA availability
3. **Subprocessors** — full list, locations, and data access scope
4. **Access controls** — SSO support, MFA enforcement, admin access logging
5. **Breach notification** — SLA for notifying customers, incident history in last 24 months
6. **Offboarding** — data deletion process and timeline after contract ends
Tailor the questions to the vendor category. A payroll vendor gets different questions than a developer tool. If the category handles PII, add a GDPR/CCPA section.
Format as a numbered list grouped by section. Keep language professional but direct — these go to vendor security teams, not sales reps.
---
Vendor name: {{vendor}}
Category: {{category}}
Data sensitivity: {{sensitivity}}