Compliance

Vendor Risk Assessment Template

Template for assessing third-party vendor risk — security posture, data handling, compliance certifications, and contract provisions.

Vendor Profile

Document vendor legal name, headquarters, and key contactsIdentify the services provided and data accessed or processedDetermine vendor risk tier (critical, high, medium, low)Review financial stability and business continuity posture

Security Assessment

Request and review SOC 2 Type II report or equivalentVerify encryption standards for data at rest and in transitReview access control policies and authentication requirementsCheck vulnerability management and penetration testing cadence

Data Handling

Confirm data classification and handling proceduresReview data retention and disposal policiesVerify data breach notification procedures and timelinesCheck sub-processor management and approval processes

Compliance & Certifications

Verify relevant compliance certifications (SOC 2, ISO 27001, HIPAA)Review regulatory compliance in applicable jurisdictionsCheck for any past regulatory actions or data breachesConfirm insurance coverage (cyber liability, E&O)

Contractual Protections

Review data processing agreement termsConfirm indemnification provisions for data breachesVerify right-to-audit clauses and exercise cadenceCheck termination provisions and data return obligationsSchedule annual vendor reassessment review

Get this as a downloadable PDF

Enter your email to receive a beautifully formatted PDF version of this checklist — perfect for printing or sharing with your team.

Related AI Analysis Tools

Go further than a checklist — let AI analyze your documents automatically.

AI Analyze Compliance Document AI Summarize Contract AI Review Compliance Document

Analyze Your Documents with AI

Upload any document and get AI-powered analysis with verifiable, click-to-source citations. Free to try.

Start Free