Vendor Risk Assessment Questionnaire

The purpose of this Vendor Risk Assessment is to support a consistent and effective process for evaluating and managing risks associated with third-party vendors that provide goods or services to Interskill Learning (USA), LLC and its subsidiaries, Interskill Learning Services Ltd. and Interskill Learning Pty Ltd. The information collected through this questionnaire helps Interskill assess vendor risk, confirm compliance with applicable regulatory and security requirements, and support the protection and continuity of our business operations.

This assessment applies to all vendors, including but not limited to technology providers, software vendors, service providers, and suppliers, and may be used during vendor onboarding as well as for ongoing vendor reviews.

Please enable JavaScript in your browser to complete this form.

Company Name

Name *

First

Last

Email *

Phone

Questionnaire Instructions

As an organization that follows the ISO 27001 standard for information security management, we want to ensure our vendors handle our information in the same way. 

There are two ways of answering this questionnaire;

1. If you hold a certification in ISO 27001 (or an equivalent security standard) simply provide a copy of your certificate along with the details of whoever runs your ISMS

2. If you don’t yet hold certification then please complete the questions in the next section which are designed to evaluate your approach to information security. It draws on some of the key areas of ISO 27001. If you are able to answer the questions in this section confidently, you are likely well on the way to meeting the overall requirements.

Upload Certifications and Documents *

Drag & Drop Files, Choose Files to Upload You can upload up to 5 files.

Please use this to upload your certifications and/or policy documents.

Do you hold a current certification for ISO 27001 or a related security standard (eg NIST)? *Please SelectNOYES

If YES, please upload a copy above, having done so there is no need to complete further questions.

Questionnaire

Do you have a documented risk management approach?Please SelectNOYES

If yes, please upload the documented policy above. If no, please explain further.

Since you answered No above, please explain your risk management approach/procedures.

Do you have a defined information security policy? Please SelectNOYES

If yes, please upload the documented policy above. If no, please explain further.

Since you answered NO above, please explain your information security policies.

Do your policies cover the use of portable technology such as mobiles, tablets and laptops?Please SelectNOYES

If yes, please upload the documented policy above. If no, please explain further.

Since you answered NO above, please explain further.

Do your information security policies cover staff working from home?Please SelectNOYES

If no, please explain further.

Since you answered NO above, please explain further.

Do you conduct background (eg: criminal record, right to work etc) screening on new staff?Please SelectNOYES

If no, please explain further.

Since you answered NO above, please explain further.

Background Checks

Do staff sign a non-disclosure agreement as part of their contract?Please SelectNOYES

If no, please explain further.

Since you answered NO above, please explain further.

NDA

Do you conduct staff training on information security? If so, how often?Please SelectNOYES – YearlyYES – QuarterlyYES – MonthlyYES – WeeklyYES – Other

Are your information security processes enforced with disciplinary consequences?Please SelectNOYES

Do you have a policy around the acceptable use of IT? Please SelectNOYES

If yes, please upload the documented policy above. If no, please explain further.

Since you answered NO above, please explain further.

Acceptable Use Policy

Do you permit the use of removable media, such as USB sticks? If so, how is that monitored?Please SelectNOYES But Not MonitoredYES Monitored ManuallyYES Monitored Automatically

Do you have an access control policy?Please SelectNOYES

Do you restrict access to system admin accounts? Please SelectNOYES

How do you physically protect our data held in your premises and systems?

Do you have a documented change management process? Please SelectNOYES

Do you enforce malware protection on devices within your company?Please SelectNOYES

Do you back up the data you hold on our behalf? If so, how often is data backed up and how is it protected?

Do you conduct any network monitoring or scanning? Do you check for unknown devices connected to your WiFi?

Would any of our data ever be used on your test system, or for testing purposes?Please SelectNOYES

Do you use any third parties that would be processing our data on your behalf? How do you verify their approach to information security?

Do you track information security incidents and events?Please SelectNOYES

Do you operate a formal business continuity and disaster recovery plan? If so, when was it last tested?Please SelectNOYES – Not TestedYES – Tested YearlyYES – Tested QuarterlyYES – Tested MonthlyYES – Tested other time frames

Are all relevant legislative statutory, regulatory, contractual requirements and the organization’s approach to meet these requirements documented?NOYES

Is any data you hold on our behalf transferred internationally?Please SelectNOYES

If YES, please list the countries our data would reside in and transfered to and from.

Privacy Policy/Terms & Conditions *

• I agree with Interskill Learning’s terms and privacy policy.

Submit