Vendor Questionnaires help organizations assess and manage third-party security risks. This feature is designed for compliance and security teams that need to collect, track, and evaluate vendors’ security practices using structured, customizable questionnaires.
With Drata, you can:
Create and edit questionnaires manually or by importing them in bulk
Customize the email template used to send questionnaires.
Send questionnaires and track responses.
Complete workflow overview:
Create and edit your questionnaires
You can build questionnaires from scratch or upload a CSV file to import multiple questions at once.
Considerations when importing questions
Avoid using commas in questions. Any text after a comma will be split into new columns. You can add the commas after importing the questions.
Conditional follow-up questions and custom response fields are not supported in the import. Add them after the import if needed.
You can import up to 500 questions per file.
Importing into an existing questionnaire overwrites and updates the entire questionnaire.
Create a questionnaire
Go to Settings > Vendor Questionnaires.
Select + Add Questionnaire.
Choose one of the following options:
From Scratch: Manually enter each question.
Import Questions: Upload a CSV file to import multiple questions. A downloadable template is provided for you.
You can save the questionnaire as a draft at any time. To make it available for sending, select Save.
Add or rearrange questions
You can insert questions at specific points in your questionnaire and rearrange them as needed.
To add a question: Select the + (Add) icon where you want to insert a question.
To rearrange questions: Drag and drop questions to change their order within the questionnaire.
Choose a response type
For each question, choose from the following response types:
Short Answer: Select an input format: text, email, website URL, or phone number.
Long Answer: Adds a large text box for extended responses.
Multiple Choice: Enter the options that users can select from.
You can allow a custom response field.
Checkboxes: Enter the multiple selectable options that users can select from.
You can allow a custom response field.
Yes/No: Displays a yes or no question.
You can add a follow-up question based on the answers.
Date: Allows user to select a date.
File Upload: Allows users to upload a file or indicate they do not have one.
Supported file types:
.doc,.docx,.jpeg,.json,.pdf
Make questions required
You can choose to require all questions or set requirements individually.
To require all questions
In the Questions section, enable Mark all questions as required.To require individual questions
Expand the question.
Enable Mark question as required.
Preview your questionnaire
You can preview both saved and draft questionnaires.
Select the questionnaire you want to preview.
Select the Preview button near the bottom left.
The preview displays your company’s name and logo. To update this information, go to Settings > Company Info.
Customize the default email template
You can personalize the email sent with the questionnaires. Set a default message that will be used when sending questionnaires to vendors. You can also customize the message for individual vendors at the time of sending.
To update the default email template:
Go to the Vendors page, then open the Settings tab.
Under Questionnaires, scroll down to Email and questionnaire page appearance.
Modify the email content as needed.
Header Preview: Displays your company name and logo as shown in the email. This information is pulled from your Company Info page.
Email Content: Shows the default message sent to vendors. To update the message, select the Edit icon near the top-right corner of the section.
Send questionnaires to vendors
After creating your questionnaire and customizing the email content, you're ready to send it to your vendors.
To send a questionnaire:
Go to the Vendors page.
Select a vendor that you want to send the questionnaire to.
If the vendor isn’t listed, select Add vendor.
Select the Security reviews tab.
Select New review and then select Security Review.
Select Questionnaire and then select Send via Drata.
In the send modal, do the following:
Select the questionnaire to send.
Enter the email address the questionnaires should be sent to.
You can add up to 5 email addresses.
(Optional) Edit the message in Message to the vendor to customize the email for this specific recipient.
Once sent, the vendor receives an email with a link to access and complete the questionnaire.
What the vendor receives
The vendor receives an email with a direct link to the questionnaire.
Standard questionnaires include 34 predefined security questions. These may include multiple-choice, short answer, long answer, and file upload formats.
Custom questionnaires display only the questions you’ve created
Track responses and view results
After a vendor submits a completed questionnaire:
The sender (or whoever initiated the survey) receives an email notification.
The notification includes a link to the vendor's profile, where you can:
View a table of all sent questionnaires
Download the response package
Each response package includes:
A non-editable PDF of the vendor’s responses
An optional CSV file
Any attachments uploaded by the vendor
Note
Vendors can upload images, videos, and PDFs. Unsupported file types are removed and marked with a .removed extension. Ask the vendor to resend these files or contact Drata Support for help retrieving them.
Learn more
To learn how to track security review status, schedule reminder emails and recurring reviews, or manage reviews such as SOC reports, go to Start and manage security reviews for your vendors.