
Managing Vendor Questionnaires

At a recent IAPP conference, Schellman privacy practice leader, Avani Desai, spoke about the simple steps a third-party vendor can take to manage the influx of vendor questionnaires from their customers.

Previously available only to IAPP attendees, this presentation is now available in a visual format exclusively for you.

5 STEPS for


Service providers are inundated with vendor questionnaires on a daily basis. With time and resource constraints, many organizations are having trouble meeting these exponentially growing demands.

Here, we examine the reason for the significant growth in questionnaires and how you can manage their flow and completion efficiently.

Why the rise in vendor questionnaires?

More and more companies seek to increase agility and reduce costs by outsourcing business processes.

Business-process outsourcing (BPO) is continuing to grow. Globally, the BPO market is expected to increase to $232 billion, and domestically it’s expected to reach $105 billion by 2019.


$232 Billion globally by 2019
$105 Billion domestically by 2019
(Source: https://www.idc.com/getdoc.jsp?containerId=255752)

4 factors influencing the increase in vendor questionnaires

With third-party vendors having access to, storing, or processing sensitive data, companies demand to know their vendors are properly safeguarding this valuable information.

These key factors are playing a role in the increase in questionnaires:
Multiple Vendor Chains
Regulatory Demands
Vendor Management Due Diligence
Breaches and Security Vulnerabilities

5 hurdles affecting vendors:

Resource Constraints
Unique and Irrelevant Questions
Varying Formats
Turnaround Times
On-Site Visits
Here are the 5 STEPS for


Step 1
Don’t recreate the wheel
Review the internal and external audits you have completed and see if any of the information can be leveraged for the questionnaires. Examples include SOC examinations, internal audits, cloud and PCI audits, privacy audits, HIPAA/HITRUST certifications, and federal audits.
Step 2
Create a plan for success
Compile a diverse team (HR, IT, Marketing, Sales, Compliance) who can answer questions correctly and efficiently. Segregate the questions into batches, decide which questions will be provided to whom, and set a time limit for each person. Set up internal SLAs so timelines can be met, and make sure to have backups in place if someone is unavailable.
Step 3
Track them
Have a process in place for completing questionnaires so all key individuals are informed in a timely manner. Using a GRC or tracking system to track progress and accountability will streamline the current and future process. It will also provide an audit trail if any questions arise.
Step 4
Create a framework
If you have answered a question once, you shouldn’t have to answer it again. Create a framework that allows you to easily centralize and search your previous answers. This framework should allow for easy updates as changes to your processes occur.
Step 5
Practice makes perfect
You will want to debrief after the first few vendor questionnaire processes. Get the stakeholders together to discuss any challenges and help make the process more efficient. It always helps to document the process so that, as new team members join, they can be easily integrated into it.