Vendor Security Questionnaire
Updated over a month ago

Drata allows you to build, customize, and send vendor questionnaires. Learn how to:

  • Create and edit security questionnaires

  • Customize the email template

  • Send and track responses

To learn how to track security review status, schedule reminder emails and recurring reviews, or manage security reviews such as SOC reports, go to Start and manage security reviews for your vendors.

Create and edit security questionnaires

To insert questions for your custom security questionnaire:

  1. Go to the Settings page and then Vendor Questionnaires.

  2. Select + Add Questionnaire to create a new questionnaire. To edit an existing questionnaire, select it instead.

  3. Build and update your questionnaire.

    • To insert or add a new question, select the addition (+) icons and a question. There are multiple places you can insert a question, depending on which order you would like the question to appear.

    • To require all questions, enable Mark all questions as required underneath the Questions section.

    • To require a specific question, expand the question's details and enable Mark question as required.

  4. Save your custom questionnaire.

Preview your questionnaire

To preview the changes you made in your questionnaire, select the Preview button at the bottom left corner. New questionnaires may not be available for preview.

The company name and logo shown in the header can be updated on the Settings > Company Info page.

Customize your security questionnaire email

Drata enables you to personalize the email sent with your security questionnaire. You can customize the email either in Vendor settings or when sending the questionnaire to a specific vendor.

To customize your questionnaire email:

  1. Go to the Vendors page and then Settings tab in Drata.

  2. Under Questionnaires, navigate to the Email and questionnaire page appearance section.

  3. Here, you can modify the questionnaire email content.

    • Header preview section: Displays your company name and logo that will be displayed within the email. This is pulled from your Company Info page.

    • Email content section: Shows the email message that will be sent to vendors. To edit the email content, select the Edit icon near the top right corner of the section.

You can also customize your email for a specific vendor before sending the questionnaire through Drata.

Send a security questionnaire to a vendor

To send a security questionnaire to a vendor:

  1. Go to the Vendors page in Drata.

  2. Select a vendor that you want to send the questionnaire to.

    • If the vendor you want to send the questionnaire to is not added, add the vendor.

  3. Select the Security reviews tab.

  4. Select New review and then select Security Review.

  5. Select Questionnaire > Send via Drata.

  6. You can select the questionnaire you would like to send, the vendor's email address, and also customize the email's content under message to the vendor.

Questionnaire email

Within the Questionnaire email, the vendor will have the option to be directly taken to the survey.

  • For a standard questionnaire, the vendor will answer 34 security-related questions, which may include multiple-choice, text, and file upload options.

  • For a custom questionnaire, they will see the specific questions you created.

Once the vendor completes the questionnaire, the user who initiated the survey will receive an email notification. This email includes a link for you to navigate directly to the vendor's profile, where you can view the table listing all sent questionnaires along with a download link for the responses. Review the downloaded response package. Each package includes:

  • A non-editable PDF of the vendor’s responses

  • An optional CSV file

  • All attachments provided by the vendor

NOTE: Your vendor has the option to attach files to their questionnaire responses. Drata supports the retrieval of images, videos, and PDFs. Unsupported files will be removed and will have a .removed extension inside the response package. You may choose to ask the vendor to send these files to you directly, or contact Drata's Technical Support team for assistance in retrieving them.
