⚠️ Select your experience
The steps to manage vendor questionnaires depend on your interface version. Select a link to skip to the instructions for your version.
Customers who joined Drata on or after Feb 24, 2026 are automatically on the New Experience.
Instructions for the New Experience ⬇️
Vendor questionnaires help you assess and document third-party security practices using structured, customizable questions. They are commonly used during vendor onboarding and periodic security reviews.
In Drata, questionnaires are templates. You build and manage them once, then send them to vendors as part of a security review.
What you can do with vendor questionnaires
With vendor questionnaires, you can:
Create questionnaires from scratch or import questions in bulk
Customize the default email sent to vendors
Send questionnaires as part of vendor security reviews
Track responses and download completed evidence packages
Access vendor questionnaires
To manage questionnaires, select Vendors → Questionnaires.
From this page, you can view, create, edit, and preview questionnaires.
Create a questionnaire
Select Create questionnaire.
Choose one of the following options:
From scratch: Manually add questions
Import questions: Upload a CSV file using the provided template. You can import up to 500 questions per file.
Import considerations
Avoid commas in question text. Text after a comma is treated as a new column.
Conditional follow-up questions are not supported during import.
Custom response fields are not supported during import.
Importing into an existing questionnaire overwrites the entire questionnaire.
Save the questionnaire.
You can save questionnaires as drafts. To make a questionnaire available for sending, save it as active.
Add and reorder questions
To add a question, select the Add (+) icon where you want it inserted.
To reorder questions, drag and drop them into the desired position.
Choose a response type
Each question supports one of the following response types:
Short answer (text, email, URL, or phone number)
Long answer
Multiple choice
Optional custom response
Checkboxes
Optional custom response
Yes / No
Optional follow-up question
Date
File upload
Supported file types:
.doc,.docx,.jpeg,.json,.pdf
Require responses
You can mark questions as required.
To require all questions, enable Mark all questions as required
To require a specific question:
Expand the question
Enable Mark question as required
Customize the default questionnaire email
You can set a default email message that vendors receive when you send a questionnaire.
To edit the default email template:
Select Vendors → Vendor settings.
Scroll to Email and questionnaire appearance.
Edit the email subject and message.
You can still customize the message for individual vendors when sending a questionnaire.
Send a questionnaire to a vendor
Questionnaires are sent as part of a security review.
Open Vendors → Current vendors or Prospective vendors.
Select a vendor.
Open the Security reviews section.
Select New review → Security review.
Select Questionnaire, then Send via Drata.
In the send modal:
Select the questionnaire
Enter up to 5 recipient email addresses
(Optional) Customize the message for this vendor
Send the questionnaire.
The vendor receives an email with a secure link to complete the questionnaire.
What vendors receive
An email with a direct link to the questionnaire
Only the questions included in the selected questionnaire
Standard questionnaires may include predefined security questions. Custom questionnaires include only the questions you created.
Track responses and download results
After a vendor submits a questionnaire:
The sender receives an email notification
Responses appear in the vendor profile
From the vendor profile, you can:
View all sent questionnaires
Download the response package
Each response package includes a non-editable PDF of responses.
File upload note
Unsupported file types are removed and marked with a .removed extension. Ask the vendor to resend the file or contact Support if needed.
Instructions for the Classic Experience ⬇️
Vendor Questionnaires help organizations assess and manage third-party security risks. This feature is designed for compliance and security teams that need to collect, track, and evaluate vendors' security practices using structured, customizable questionnaires.
With Drata, you can:
Create and edit questionnaires manually or by importing them in bulk
Customize the email template used to send questionnaires.
Send questionnaires and track responses.
Complete workflow overview:
Create and edit your questionnaires
You can build questionnaires from scratch or upload a CSV file to import multiple questions at once.
Considerations when importing questions
Avoid using commas in questions. Any text after a comma will be split into new columns. You can add the commas after importing the questions.
Conditional follow-up questions and custom response fields are not supported in the import. Add them after the import if needed.
You can import up to 500 questions per file.
Importing into an existing questionnaire overwrites and updates the entire questionnaire.
Create a questionnaire
Go to Settings > Vendor Questionnaires.
Select + Add Questionnaire.
Choose one of the following options:
From Scratch: Manually enter each question.
Import Questions: Upload a CSV file to import multiple questions. A downloadable template is provided for you.
You can save the questionnaire as a draft at any time. To make it available for sending, select Save.
Add or rearrange questions
You can insert questions at specific points in your questionnaire and rearrange them as needed.
To add a question: Select the + (Add) icon where you want to insert a question.
To rearrange questions: Drag and drop questions to change their order within the questionnaire.
Choose a response type
For each question, choose from the following response types:
Short Answer: Select an input format: text, email, website URL, or phone number.
Long Answer: Adds a large text box for extended responses.
Multiple Choice: Enter the options that users can select from.
You can allow a custom response field.
Checkboxes: Enter the multiple selectable options that users can select from.
You can allow a custom response field.
Yes/No: Displays a yes or no question.
You can add a follow-up question based on the answers.
Date: Allows user to select a date.
File Upload: Allows users to upload a file or indicate they do not have one.
Supported file types:
.doc,.docx,.jpeg,.json,.pdf
Make questions required
You can choose to require all questions or set requirements individually.
To require all questions
In the Questions section, enable Mark all questions as required.To require individual questions
Expand the question.
Enable Mark question as required.
Preview your questionnaire
You can preview both saved and draft questionnaires.
Select the questionnaire you want to preview.
Select the Preview button near the bottom left.
The preview displays your company's name and logo. To update this information, go to Settings > Company Info.
Customize the default email template
You can personalize the email sent with the questionnaires. Set a default message that will be used when sending questionnaires to vendors. You can also customize the message for individual vendors at the time of sending.
To update the default email template:
Go to the Vendors page, then open the Settings tab.
Under Questionnaires, scroll down to Email and questionnaire page appearance.
Modify the email content as needed.
Header Preview: Displays your company name and logo as shown in the email. This information is pulled from your Company Info page.
Email Content: Shows the default message sent to vendors. To update the message, select the Edit icon near the top-right corner of the section.
Send questionnaires to vendors
After creating your questionnaire and customizing the email content, you're ready to send it to your vendors.
To send a questionnaire:
Go to the Vendors page.
Select a vendor that you want to send the questionnaire to.
If the vendor isn't listed, select Add vendor.
Select the Security reviews tab.
Select New review and then select Security Review.
Select Questionnaire and then select Send via Drata.
In the send modal, do the following:
Select the questionnaire to send.
Enter the email address the questionnaires should be sent to.
You can add up to 5 email addresses.
(Optional) Edit the message in Message to the vendor to customize the email for this specific recipient.
Once sent, the vendor receives an email with a link to access and complete the questionnaire.
What the vendor receives
The vendor receives an email with a direct link to the questionnaire.
Standard questionnaires include 34 predefined security questions. These may include multiple-choice, short answer, long answer, and file upload formats.
Custom questionnaires display only the questions you've created
Track responses and view results
After a vendor submits a completed questionnaire:
The sender (or whoever initiated the survey) receives an email notification.
The notification includes a link to the vendor's profile, where you can:
View a table of all sent questionnaires
Download the response package
Each response package includes a non-editable PDF of the vendor's responses.
Note
Vendors can upload images, videos, and PDFs. Unsupported file types are removed and marked with a .removed extension.
Learn more
To learn how to track security review status, schedule reminder emails and recurring reviews, or manage reviews such as SOC reports, go to Start and manage security reviews for your vendors.