UpGuard Vendor Risk has over 20 security questionnaires in its questionnaire library:
1. CyberRisk Questionnaire: provides a comprehensive assessment of an organization's security posture, from their policy framework right down to their technical controls. It comprises four sections: Security and Privacy Programs, Physical and Data Center, Infrastructure, and Web Application.
2. ISO 27001 Questionnaire: Assesses an organization's security posture against the ISO 27001 standard with risks mapped against ISO 27001 domains. It is also suitable for the assessment of APRA CPS 234 requirements.
3. Short Form Questionnaire: a condensed version of the CyberRisk Questionnaire, designed to be sent to smaller organizations. It focuses on the information security risks smaller organizations are typically exposed to, such as their back up process and email security concerns, while avoiding areas where small organizations are typically less mature (such as their information security policy framework).
4. NIST Cybersecurity Framework Questionnaire: Assesses an organization's security posture against the NIST Cybersecurity Framework.
5. PCI DSS Questionnaire: assess an organization's adherence to the twelve requirements of PCI DSS.
6. California Consumer Privacy Act (CCPA) Questionnaire: Assesses whether a vendor is compliant with the personal information disclosure requirements outlined in CCPA.
7. Modern Slavery Questionnaire: designed to identify modern slavery risks, address identified risks, and highlight areas requiring further due diligence.
8. Pandemic Questionnaire: designed to help you assess the impact of any current or future pandemics.
9. Security and Privacy Program Questionnaire: focuses solely on an organization's security and privacy program.
10. Web Application Security Questionnaire: focuses solely on an organization's web application security controls.
11. Infrastructure Security Questionnaire: focuses solely on an organization's infrastructure security controls.
12. Physical and Data Centre Security Questionnaire: focuses solely on an organization's physical and data centre security controls.
13. COBIT 5 Security Standard Questionnaire: Assesses compliance against the Control Objectives for Information and Related Technologies Framework created by ISACA.
14. ISA 62443-2-1:2009 Security Standard Questionnaire: Assesses compliance against the ISA 62443-2-1:2009 standard for industrial automation and control systems.
15. ISA 62443-3-3:2013 Security Standard Questionnaire: Assesses compliance against technical control system requirements associated with the seven foundational requirements (FRs) described in IEC 62443-1-1.
16. GDPR Security Standard Questionnaire: Assesses compliance against the personal information disclosure requirements outlined in the European Union's General Data Protection Regulation (GPDR).
17. CIS Controls 7.1 Security Standard Questionnaire: Assesses compliance against the best practice guidelines for cybersecurity outlined in 20 CIS Controls.
18. NIST SP 800-53 Rev. 4 Security Standard Questionnaire: Assesses compliance against the security and privacy controls required for all U.S. federal information systems except those related to national security.
19. SolarWinds Questionnaire: Designed to help you assess your vendors that may use SolarWinds.
20. Kaseya Questionnaire: To help you determine if you or your vendors were exposed to the sophisticated supply chain ransomware attack that affected Kaseya.
21. Essential Eight Questionnaire: Assesses compliance against the requirements of the Essential Eight framework, as determined by the Australian Signals Directorate (ASD).
22. Apache Log4J - Critical Vulnerability Questionnaire: Discovers third-party vendors that are using software or cloud services impacted by the Log4j vulnerability, either directly or via supply chains.