Due Diligence and Ongoing Monitoring

  • 1.  Renewal Questionnaires

    Posted 08-31-2022 10:35 AM
    Good morning everyone! 

    I'm working on creating a renewal/reassessment vendor questionnaire specific to cyber security. Does anyone have an example of the types of questions that you ask at renewal time?

    Thank you! 

    Audrey


  • 2.  RE: Renewal Questionnaires

    Posted 09-06-2022 03:13 PM

    Hi Audrey – 

    There are a few "it depends" involved, but generally at a high level to assess a vendor who poses risks related to cybersecurity, I would encourage reviewing the following items and responses at a minimum:

    • Summary letter from most recent penetration test
    • Most recent SOC report or report/certificate from recent audit or assessment performed by a third party
    • Request a summary of significant infrastructure and security changes which have occurred since original due diligence review.

    Many organizations perform full due diligence reviews as a part of contract renewal while others will select a subset, such as the above.

    I'm always looking to hear what others are doing for cybersecurity review at contract renewal.



  • 3.  RE: Renewal Questionnaires

    Posted 09-26-2022 10:10 AM
    Hi Aaron, 

    This is so helpful, thank you so much! I truly appreciate your help!

    Have a wonderful day! 

    Audrey