Security Questionnaires

Accelerate your assessment process with powerful questionnaires that are ready to deploy out of the box.

Automate security questionnaires

Automate security questionnaires to get deeper insights into your vendors’ security and scale your security team by 10x. Use our industry-leading questionnaire library or build your own questionnaires from scratch.

Never miss a vendor assessment deadline

Send standard or custom questionnaires to your vendors, configure questionnaire due dates, and set regular reminders to ensure they're completed.

Don't spend hours analyzing vendor risks

Risks are automatically identified and surfaced based on vendor responses for you to request remediation or waive them.

Seamlessly remediate vendor risks

Collaborate with vendors on mitigating risks using the risk assessment workflow, correspond in-line for specific vendor responses using auditable, built-in messaging, or simply add internal notes.

Stay a step ahead of compliance with DPDP and DORA questionnaires

Ensure your organization remains compliant with the latest global standards. Use pre-configured questionnaires to efficiently identify and mitigate risks that could endanger your organization.
Lightweight, specialised TPRM platform
"UpGuard has the flexibility of having multiple bespoke questionnaire templates, and the platform is able to list the risks when a third party responds negatively, so that an internal risk team can either waive the risk or request remediation."
Insurance Executive
Enterprise Company (> 1000 emp.)

Select multiple vendors, set deadlines and reminders for questionnaire completion.

View risks identified automatically based on questionnaire responses and request remediation.

Easily collaborate with vendors on their responses and remediation using built-in messaging

Questionnaire Library

Use questionnaires based on regulations and best practices from our industry-leading library.

Multi-Framework Questionnaire (MFQ)

The MFQ is a single, streamlined questionnaire that merges the two most globally utilized cybersecurity frameworks—ISO 27001:2022 and NIST 2.0—into one comprehensive assessment tool.

DORA Questionnaire

DORA is an EU regulation consisting of five key pillars that set out requirements for finance entities to withstand, respond to, and recover from ICT-related threats.

CPS 230 Questionnaire

Designed to assess compliance with APRA's CPS 230 standard, this questionnaire covers operational risk management, business continuity, and service provider arrangements for APRA-regulated entities.

DPDP Questionnaire

Designed to streamline compliance with India's new Digital Personal Data Protection (DPDP) Act, this questionnaire is essential for organizations handling personal data in the Indian market.

SIG Core Questionnaire

SIG Core provides comprehensive insights into third-party security, fulfilling the needs of most risk assessments aligned with industry standards.

SIG Lite Questionnaire

The SIG Lite was created by Shared Assessments and contains a set of 128 risk control questions designed to help organizations standardize the assessment of third-party vendors.

ISO 27001 Questionnaire

Assesses an organization's security posture against the ISO 27001 standard with risks mapped against ISO 27001 domains. It is also suitable for the assessment of APRA CPS 234 requirements.

CyberRisk Questionnaire

Provides a comprehensive assessment of an organization's security posture, from their policy framework right down to their technical controls. It comprises four sections: Security and Privacy Programs, Physical and Data Center, Infrastructure, and Web Applications.

Higher Education Community Vendor Assessment Tool (HECVAT) Questionnaire

Assesses the vendor risk of higher education institutions, to ensure all cloud services utilised are appropriately assessed for security and privacy needs.

Health Insurance Portability and Accountability Act (HIPAA) Questionnaire

The Health Insurance Portability and Accountability Act (HIPAA) questionnaire determines if vendors with access to Protected Health Information (PHI) align with the United States HIPAA standard. HIPAA compliance is regulated by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR).

Short Form Questionnaire

A condensed version of the CyberRisk Questionnaire, designed to be sent to smaller organizations. It focuses on the information security risks smaller organizations are typically exposed to, such as their backup process and email security concerns, while avoiding areas where small organizations are typically less mature (such as their information security policy framework).

SolarWinds Questionnaire

Designed to help you assess your vendors that may use SolarWinds.

NIST Cybersecurity Framework Questionnaire

Assesses an organization's security posture against the NIST Cybersecurity Framework.

Apache Log4J - Critical Vulnerability Questionnaire

Discovers third-party vendors that are using software or cloud services impacted by the Log4j vulnerability, either directly or via supply chains.

Kaseya Questionnaire

To help determine if you or your vendors were exposed to the sophisticated supply chain ransomware attack that affected Kaseya.

Security and Privacy Program Questionnaire

Focuses solely on an organization's security and privacy program.

Web Application Security Questionnaire

Focuses solely on an organization's web application security controls.

PCI DSS Questionnaire

Assess an organization's adherence to the twelve requirements of PCI DSS.

Modern Slavery Questionnaire

Designed to identify modern slavery risks, address identified risks, and highlight areas requiring further due diligence.

Pandemic Questionnaire

Designed to help you assess the impact of any current or future pandemics.

Infrastructure Security Questionnaire

Focuses solely on an organization's infrastructure security controls.

Essential Eight Questionnaire

Assesses compliance against the requirements of the Essential Eight framework, as determined by the Australian Signals Directorate (ASD).

Physical and Data Centre Security Questionnaire

Focuses solely on an organization's physical and data center security controls.

California Consumer Privacy Act (CCPA) Questionnaire

Assesses whether a vendor is compliant with the personal information disclosure requirements outlined in CCPA.

COBIT 5 Security Standard Questionnaire

Assesses compliance against the Control Objectives for Information and Related Technologies Framework created by ISACA.

ISA 62443-2-1:2009 Security Standard Questionnaire

Assesses compliance against the ISA 62443-2-1:2009 standard for industrial automation and control systems.

ISA 62443-3-3:2013 Security Standard Questionnaire

Assesses compliance against technical control system requirements associated with the seven foundational requirements (FRs) described in IEC 62443-1-1.

GDPR Security Standard Questionnaire

Assesses compliance with the personal information disclosure requirements outlined in the European Union's General Data Protection Regulation (GDPR).

CIS Controls 7.1 Security Standard Questionnaire

NIST SP 800-53 Rev. 4 Security Standard Questionnaire

Post Breach Questionnaire

To better understand the impact of vendor breaches on your organization and assist with remediation efforts. This questionnaire is designed to be sent to a vendor to assess any data exposure arising from a breach and its impact on related stakeholders.

Questionnaire Resources

The ultimate guide to attack surface and third-party risk management – actionable advice for security teams, managers, and executives.
