Vendor Risk Assessment Questionnaire

Interskill Learning sometimes contract for data services with outside parties or service providers; of concern are those circumstances where service providers process or hold Interskill Learning data. While Interskill Learning has taken steps to help ensure that its data is protected, service providers must also exercise appropriate controls to minimize the risk of exposing the data to potential unauthorized access and loss. 

A security assessment is required in all instances where:

  • Interskill Learning data is shared with a service provider
  • A service provider captures data for subsequent use by Interskill Learning

If the vendor uses a third party such as Amazon Web Services or Microsoft Azure, the vendor will need to work with that third party to answer questions specific to how and where Interskill Learning data is accessed and/or stored.

Questionnaire Instructions

As an organization that follows the ISO 27001 standard for information security management, we want to ensure our vendors handle our information in the same way. 

There are two ways of answering this questionnaire;

1. If you hold a certification in ISO 27001 (or an equivalent security standard) simply provide a copy of your certificate along with the details of whoever runs your ISMS

2. If you don’t yet hold certification then please complete the questions in the next section which are designed to evaluate your approach to information security. It draws on some of the key areas of ISO 27001. If you are able to answer the questions in this section confidently, you are likely well on the way to meeting the overall requirements.

Click or drag files to this area to upload. You can upload up to 5 files.
Please use this to upload your certifications and/or policy documents.
If YES, please upload a copy above, having done so there is no need to complete further questions.

Questionnaire

If yes, please upload the documented policy above. If no, please explain further.
If yes, please upload the documented policy above. If no, please explain further.
If yes, please upload the documented policy above. If no, please explain further.
If no, please explain further.
If no, please explain further.
If no, please explain further.
If yes, please upload the documented policy above. If no, please explain further.