Drata allows you to build, customize, and send vendor questionnaires. Learn how to:
Create and edit security questionnaires
Customize the email template
Send and track responses
To learn how to track security review status, schedule reminder emails and recurring reviews, or manage security reviews such as SOC reports, go to Start and manage security reviews for your vendors.
Create and edit security questionnaires
Use the Vendor Questionnaires page to create and manage custom security questionnaires.
Create a new questionnaire
Go to Settings > Vendor Questionnaires.
Select + Add Questionnaire.
Add or edit questions
Select the + (Add) icon where you want to insert a question.
You can insert a question at specific points in the questionnaire, or drag and drop questions to adjust their order.
Choose the appropriate response type based on your needs.
Response type:
Choose from the following:
Short Answer:
Select one of the following input formats: text, email, website URL, phone number
Email and website URL formats validate input automatically. For example, email addresses must include an @ symbol, and URLs must follow standard web formatting (such as www.website.com).
Long Answer:
Adds a large text box for extended responses.
Multiple Choice:
Enter the options that users can select from.
Optionally allow a custom response field
Checkboxes:
Enter the multiple selectable options that users can select from.
Optionally allow a custom response field
Yes/No:
Displays a yes or no question.
Optionally, add a follow-up question triggered by either answer. You can choose which answer triggers the follow-up question.
Date:
Provides a calendar interface for users to select a date.
File Upload:
Allows users to upload a file or indicate they do not have one.
Supported file types: .doc, .docx, .jpeg, .json, .pdf
Make questions required
To require all questions:
Under the Questions section, enable Mark all questions as required.
To require individual questions:
Expand the question.
Enable Mark question as required.
Save your custom questionnaire
Preview your questionnaire
Note: A new questionnaire that you are still creating cannot be previewed. You must create it first.
To preview the active questionnaire, select the Preview button at the bottom left corner.
The company name and logo shown in the header can be updated on the Settings > Company Info page.
Customize your security questionnaire email
Drata enables you to personalize the email sent with your security questionnaire. You can customize the email either in Vendor settings or when sending the questionnaire to a specific vendor.
To customize your questionnaire email:
Go to the Vendors page and then Settings tab in Drata.
Under Questionnaires, navigate to the Email and questionnaire page appearance section.
Here, you can modify the questionnaire email content.
Header preview section: Shows the company name and logo that will appear in the email. These are pulled from your Company Info page.
Email content section: Shows the email message that will be sent to vendors. To edit the email content, select the Edit icon near the top right corner of the section.
You can also customize your email for a specific vendor before sending the questionnaire through Drata.
Send a security questionnaire to a vendor
To send a security questionnaire to a vendor:
Go to the Vendors page in Drata.
Select a vendor that you want to send the questionnaire to.
Select the Security reviews tab.
Select New review and then select Security Review.
Select Questionnaire > Send via Drata.
You can select the questionnaire you would like to send, the vendor's email address, and also customize the email's content under message to the vendor.
Questionnaire email
From the questionnaire email, the vendor can go directly to the survey.
For a standard questionnaire, the vendor will answer 34 security-related questions, which may include multiple-choice, text, and file upload options.
For a custom questionnaire, they will see the specific questions you created.
Once the vendor completes the questionnaire, the user who initiated the survey will receive an email notification. This email includes a link for you to navigate directly to the vendor's profile, where you can view the table listing all sent questionnaires along with a download link for the responses. Review the downloaded response package. Each package includes:
A non-editable PDF of the vendor’s responses
An optional CSV file
All attachments provided by the vendor
NOTE: Your vendor has the option to attach files to their questionnaire responses. Drata supports the retrieval of images, videos, and PDFs. Unsupported files will be removed and will have a .removed extension inside the response package. You may choose to ask the vendor to send these files to you directly, or contact Drata's Technical Support team for assistance in retrieving them.