Vendor Due Diligence Questionnaire Template
This Vendor Due Diligence Questionnaire (“Questionnaire”) is provided by [Company Name] to assess potential vendors’ qualifications, compliance, and risk factors before engagement. Vendors must provide accurate and complete responses to all sections.
-
Legal Entity Name: ____________________________
-
Registered Address: ____________________________
-
Primary Contact Name/Title: ____________________
-
Years in Business: ____________________________
-
Parent Company / Affiliates: ____________________
Legal Entity Name: ____________________________
Registered Address: ____________________________
Primary Contact Name/Title: ____________________
Years in Business: ____________________________
Parent Company / Affiliates: ____________________
-
Provide latest audited financial statements (last [2–3] years).
-
Annual revenue range: ____________________________
-
Credit references: ____________________________
-
Any history of bankruptcy or insolvency? ☐ Yes ☐ No
Provide latest audited financial statements (last [2–3] years).
Annual revenue range: ____________________________
Credit references: ____________________________
Any history of bankruptcy or insolvency? ☐ Yes ☐ No
3. Legal and Compliance
-
Confirm compliance with applicable laws and industry regulations.
-
Disclose any pending or past litigation, regulatory investigations, or fines.
-
Provide licenses, certifications, or permits relevant to services offered.
Confirm compliance with applicable laws and industry regulations.
Disclose any pending or past litigation, regulatory investigations, or fines.
Provide licenses, certifications, or permits relevant to services offered.
-
Do you comply with GDPR, CCPA, or other data privacy laws? ☐ Yes ☐ No
-
Describe data protection measures (encryption, access controls, data retention policies).
-
Provide details of cybersecurity certifications (e.g., ISO 27001, SOC 2).
-
Have you experienced a data breach in the last [X] years? If yes, provide details.
Do you comply with GDPR, CCPA, or other data privacy laws? ☐ Yes ☐ No
Describe data protection measures (encryption, access controls, data retention policies).
Provide details of cybersecurity certifications (e.g., ISO 27001, SOC 2).
Have you experienced a data breach in the last [X] years? If yes, provide details.
5. Business Continuity and Disaster Recovery
-
Do you maintain a business continuity plan? ☐ Yes ☐ No
-
Provide a summary of disaster recovery procedures.
-
Average recovery time objective (RTO) and recovery point objective (RPO).
Do you maintain a business continuity plan? ☐ Yes ☐ No
Provide a summary of disaster recovery procedures.
Average recovery time objective (RTO) and recovery point objective (RPO).
6. Subcontractors and Third Parties
-
Do you subcontract any services? ☐ Yes ☐ No
-
If yes, provide names of subcontractors and describe oversight measures.
-
Confirm that subcontractors meet equivalent compliance standards.
Do you subcontract any services? ☐ Yes ☐ No
If yes, provide names of subcontractors and describe oversight measures.
Confirm that subcontractors meet equivalent compliance standards.
7. Insurance Coverage
-
Provide proof of insurance, including general liability, professional liability, and cyber liability coverage.
-
Coverage limits: ____________________________
Provide proof of insurance, including general liability, professional liability, and cyber liability coverage.
Coverage limits: ____________________________
8. References
- Provide at least [2–3] client references with similar service scope.
9. Certifications and Attestations
-
List all relevant industry certifications (e.g., PCI DSS, HIPAA compliance, SOC reports).
-
Attestation of compliance by an officer of the vendor.
List all relevant industry certifications (e.g., PCI DSS, HIPAA compliance, SOC reports).
Attestation of compliance by an officer of the vendor.
10. Declaration
I, the undersigned, certify that the information provided is true, accurate, and complete.
Vendor Authorized Representative: ____________________________
Title: _______________________________________
Date: _______________________________________