Vendor Due Diligence Questionnaire Template

This Vendor Due Diligence Questionnaire (“Questionnaire”) is provided by [Company Name] to assess potential vendors’ qualifications, compliance, and risk factors before engagement. Vendors must provide accurate and complete responses to all sections.

1. Company Information

• Legal Entity Name: ____________________________

• Registered Address: ____________________________

• Primary Contact Name/Title: ____________________

• Years in Business: ____________________________

• Parent Company / Affiliates: ____________________

2. Financial Information

• Provide latest audited financial statements (last [2–3] years).

• Annual revenue range: ____________________________

• Credit references: ____________________________

• Any history of bankruptcy or insolvency? ☐ Yes ☐ No

3. Legal and Compliance

• Confirm compliance with applicable laws and industry regulations.

• Disclose any pending or past litigation, regulatory investigations, or fines.

• Provide licenses, certifications, or permits relevant to services offered.

4. Information Security and Data Protection

• Do you comply with GDPR, CCPA, or other data privacy laws? ☐ Yes ☐ No

• Describe data protection measures (encryption, access controls, data retention policies).

• Provide details of cybersecurity certifications (e.g., ISO 27001, SOC 2).

• Have you experienced a data breach in the last [X] years? If yes, provide details.

5. Business Continuity and Disaster Recovery

• Do you maintain a business continuity plan? ☐ Yes ☐ No

• Provide a summary of disaster recovery procedures.

• Average recovery time objective (RTO) and recovery point objective (RPO).

6. Subcontractors and Third Parties

• Do you subcontract any services? ☐ Yes ☐ No

• If yes, provide names of subcontractors and describe oversight measures.

• Confirm that subcontractors meet equivalent compliance standards.

7. Insurance Coverage

• Provide proof of insurance, including general liability, professional liability, and cyber liability coverage.

• Coverage limits: ____________________________

8. References

• Provide at least [2–3] client references with similar service scope.

9. Certifications and Attestations

• List all relevant industry certifications (e.g., PCI DSS, HIPAA compliance, SOC reports).

• Attestation of compliance by an officer of the vendor.

10. Declaration

I, the undersigned, certify that the information provided is true, accurate, and complete.

Vendor Authorized Representative: ____________________________
Title: _______________________________________
Date: _______________________________________