Skip to main content

Vendor Security Questionnaire

Updated over a week ago

Drata allows you to build, customize, and send vendor questionnaires. Learn how to:

  • Create and edit security questionnaires

  • Customize the email template

  • Send and track responses

To learn how to track security review status, schedule reminder emails and recurring reviews, or manage security reviews such as SOC reports, go to Start and manage security reviews for your vendors.

Create and edit security questionnaires

Use the Vendor Questionnaires page to create and manage custom security questionnaires.

Create a new questionnaire

  1. Go to Settings > Vendor Questionnaires.

  2. Select + Add Questionnaire.

Add or edit questions

  1. Select the + (Add) icon where you want to insert a question.

  2. You can insert a question at specific points in the questionnaire, or drag and drop questions to adjust their order.

  3. Choose the appropriate response type based on your needs.

Response type:

Choose from the following:

  • Short Answer:

    • Select one of the following input formats: text, email, website URL, phone number

      • Email and website URL formats validate input automatically. For example, email addresses must include an @ symbol, and URLs must follow standard web formatting (such as www.website.com).

  • Long Answer:

    • Adds a large text box for extended responses.

  • Multiple Choice:

    • Enter the options that users can select from.

    • Optionally allow a custom response field

  • Checkboxes:

    • Enter the multiple selectable options that users can select from.

    • Optionally allow a custom response field

  • Yes/No:

    • Displays a yes or no question.

    • Optionally, add a follow-up question triggered by either answer. You can choose which answer will trigger the follow up question.

  • Date:

    • Provides a calendar interface for users to select a date.

  • File Upload:

    • Allows users to upload a file or indicate they do not have one.

    • Supported file types: .doc, .docx, .jpeg, .json, .pdf

Make questions required

  • To require all questions:

    • Under the Questions section, enable Mark all questions as required.

  • To require individual questions:

    1. Expand the question.

    2. Enable Mark question as required.

Save your custom questionnaire

Preview your questionnaire

Note: New questionnaires you are currently creating cannot be previewed. You must create it first.

To preview the active questionnaire, select the Preview button at the bottom left corner.

The company name and logo shown in the header can by updated at Settings > Company Info page.

Customize your security questionnaire email

Drata enables you to personalize the email sent with your security questionnaire. You can customize the email either in Vendor settings or when sending the questionnaire to a specific vendor

To customize your questionnaire email:

  1. Go to the Vendors page and then Settings tab in Drata.

  2. Under Questionnaires, navigate to the Email and questionnaire page appearance section.

  3. Here, you can modify the questionnaire email content.

    • Header preview section: Displays your company name and logo that will be displayed within the email. This is pulled from your Company Info page.

    • Email content section: Shows the email message that will be sent to vendors. To edit the email content, select the Edit icon near the top right corner of the section.

You can also customize your email for a specific vendor before sending the questionnaire through Drata.

Send a security questionnaire to a vendor

To send a security questionnaire to a vendor:

  1. Go to the Vendors page in Drata.

  2. Select a vendor that you want to send the questionnaire to.

    • If the vendor you want to send the questionnaire to is not added, add the vendor.

  3. Select the Security reviews tab.

  4. Select New review and then select Security Review

  5. Select Questionnaire > Send via Drata.

  6. You can select the questionnaire you would like to send, the vendor's email address, and also customize the email's content under message to the vendor.

Questionnaire email

Within the Questionnaire email, the vendor will have the option to be directly taken to the survey.

  • For a standard questionnaire, the vendor will answer 34 security-related questions, which may include multiple-choice, text, and file upload options.

  • For a custom questionnaire, they will see the specific questions you created.

Once the vendor completes the questionnaire, the user who initiated the survey will receive an email notification. This email includes a link for you to navigate directly to the vendor's profile, where you can view the table listing all sent questionnaires along with a download link for the responses. Review the downloaded response package. Each package includes:

  • A non-editable PDF of the vendor’s responses

  • An optional CSV file

  • All attachments provided by the vendor

NOTE: Your vendor has the option to attach files to their questionnaire responses. Drata supports the retrieval of images, videos, and PDFs. Other unsupported files will be removed and have a .removed extension inside the response package. You may choose to ask the vendor to send these files to you directly, or contact Drata's Technical Support team for assistance in retrieving them.

Did this answer your question?