Create and Manage Vendor Questionnaires (New Experience)

Updated this week

💡 Still using the classic Drata experience? Refer to Build Vendor Questionnaire for the original UI.

Vendor questionnaires help you assess and document third-party security practices using structured, customizable questions. They are commonly used during vendor onboarding and periodic security reviews.

In Drata, questionnaires are templates. You build and manage them once, then send them to vendors as part of a security review.


What you can do with vendor questionnaires

With vendor questionnaires, you can:

  • Create questionnaires from scratch or import questions in bulk

  • Customize the default email sent to vendors

  • Send questionnaires as part of vendor security reviews

  • Track responses and download completed evidence packages


Access vendor questionnaires

To manage questionnaires, select Vendors → Questionnaires.

From this page, you can view, create, edit, and preview questionnaires.


Create a questionnaire

  1. Select Create questionnaire.

  2. Choose one of the following options:

    • From scratch: Manually add questions

    • Import questions: Upload a CSV file using the provided template. You can import up to 500 questions per file.

      • Import considerations

        • Avoid commas in question text. Text after a comma is treated as a new column.

        • Conditional follow-up questions are not supported during import.

        • Custom response fields are not supported during import.

        • Importing into an existing questionnaire overwrites the entire questionnaire.

  3. Save the questionnaire.

You can save questionnaires as drafts. To make a questionnaire available for sending, save it as active.
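A pre-import check for the considerations listed above, as an added example that is not Drata's code: it flags rows whose column count differs from the header row (the symptom of a comma or line break inside question text) and files that exceed the 500-question limit. It assumes the importer splits on every comma, as the note above describes, and the column names in the sample are constructed placeholders, not the provided template.

```python
MAX_QUESTIONS = 500  # per-file import limit stated on this page


def lint_questionnaire_csv(text, max_questions=MAX_QUESTIONS):
    """Return (line_number, message) findings for a questionnaire import CSV.

    Assumption: the importer splits on every comma (the page says text after a
    comma becomes a new column), so commas inside quotes are flagged too.
    Line number 0 marks a finding about the file as a whole.
    """
    findings = []
    rows = [(n, line) for n, line in enumerate(text.splitlines(), start=1)
            if line.strip()]
    if not rows:
        return [(0, "file is empty")]
    _, header = rows[0]
    expected = header.count(",") + 1  # column count defined by the header row
    data = rows[1:]
    for n, line in data:
        got = line.count(",") + 1
        if got > expected:
            findings.append((n, f"{got} columns, header has {expected}: "
                                "remove commas from the question text"))
        elif got < expected:
            findings.append((n, f"{got} columns, header has {expected}: "
                                "row is incomplete or text contains a line break"))
    if len(data) > max_questions:
        findings.append((0, f"{len(data)} questions exceeds the limit of "
                            f"{max_questions} per file"))
    return findings


# Constructed sample; the column names are placeholders, not Drata's template.
SAMPLE = (
    "question,response_type,required\n"
    "Do you encrypt customer data at rest?,Yes / No,true\n"
    "Do you support SSO via SAML, OIDC or both?,Short answer,false\n"
    "Describe your incident response process.,Long answer,true\n"
)

if __name__ == "__main__":
    for line_no, message in lint_questionnaire_csv(SAMPLE):
        print(f"line {line_no}: {message}")
```

Run it against a copy of the file before uploading, especially when importing into an existing questionnaire, since that import overwrites the entire questionnaire.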


Add and reorder questions

  • To add a question, select the Add (+) icon where you want it inserted.

  • To reorder questions, drag and drop them into the desired position.


Choose a response type

Each question supports one of the following response types:

  • Short answer (text, email, URL, or phone number)

  • Long answer

  • Multiple choice

    • Optional custom response

  • Checkboxes

    • Optional custom response

  • Yes / No

    • Optional follow-up question

  • Date

  • File upload

    • Supported file types: .doc, .docx, .jpeg, .json, .pdf


Require responses

You can mark questions as required.

  • To require all questions, enable Mark all questions as required

  • To require a specific question:

    1. Expand the question

    2. Enable Mark question as required


Customize the default questionnaire email

You can set a default email message that vendors receive when you send a questionnaire.

To edit the default email template:

  1. Select Vendors → Vendor settings.

  2. Scroll to Email and questionnaire appearance.

  3. Edit the email subject and message.

You can still customize the message for individual vendors when sending a questionnaire.


Send a questionnaire to a vendor

Questionnaires are sent as part of a security review.

  1. Open Vendors → Current vendors or Prospective vendors.

  2. Select a vendor.

  3. Open the Security reviews section.

  4. Select New review → Security review.

  5. Select Questionnaire, then Send via Drata.

  6. In the send modal:

    • Select the questionnaire

    • Enter up to 5 recipient email addresses

    • (Optional) Customize the message for this vendor

  7. Send the questionnaire.

The vendor receives an email with a secure link to complete the questionnaire.


What vendors receive

Vendors receive:

  • An email with a direct link to the questionnaire

  • Only the questions included in the selected questionnaire

Standard questionnaires may include predefined security questions. Custom questionnaires include only the questions you created.


Track responses and download results

After a vendor submits a questionnaire:

  • The sender receives an email notification

  • Responses appear in the vendor profile

From the vendor profile, you can:

  • View all sent questionnaires

  • Download the response package

Each response package includes a non-editable PDF of responses.

File upload note

Unsupported file types are removed and marked with a .removed extension. Ask the vendor to resend the file or contact Support if needed.
