Vendor Questionnaire Support

SystemExperts provides practical and insightful support to clients responding to Security Assessments, Security Questionnaires, Vendor Assessments, and Technical RFPs. These are often requested by customers or prospective customers of service providers to satisfy either initial or annual third party risk assessment requirements. Unfortunately, often they are submitted with short notice that can tax an already burdened information security team. SystemExperts helps its clients complete both standardized and non-standard questionnaires with language that is meaningful to the assessors and removes much of the workload from our clients.

SystemExperts has experience with many standardized assessment tools, including:

  • Standardized Information Gathering Questionnaires (SIG Core, SIG Lite, and SIG Ultra Lite)
  • Consensus Assessments Initiative Questionnaire (CAIQ), developed by the Cloud Security Alliance (CSA)
  • Vendor Security Assessment Questionnaire (VSAQ), developed by the Vendor Security Alliance (VSA)
  • The Center for Internet Security’s questionnaires (CIS Top 20, CIS First 5)
  • HECVAT and HECVAT Lite, developed by the Higher Education Information Security Council (HEISC)

Additionally, SystemExperts can help our clients develop their own customized security assessment questionnaires. Clients typically follow one of two paths: either adopt a standard security framework or create a simplified questionnaire that distills key security controls while reducing the sheer volume of questions.

Contact SystemExperts to request a Vendor Questionnaire Support consultation by phone.