Worksheet

Vendor Security Review Triage Worksheet

A buyer-side worksheet for triaging vendor security reviews by risk, data access, business criticality, and review path.

Use this when procurement or security teams need to decide which vendors require lightweight review, full questionnaire, evidence request, or remediation follow-up.

Complete the triage before sending a vendor questionnaire. Use the result to choose the right assessment path and avoid over-reviewing low-risk suppliers.

Template

Copy this into your own doc

FieldYour entryWhat to put here
Vendor name *Name the supplier under review.
Data type *Describe the data the vendor can access or process.
Criticality *Low, medium, high, or critical.
Recommended review path *Light, standard, enhanced, or exception.
Remediation notesTrack required follow-up and owner.

Risk triage

Estimate the vendor review path before collecting evidence.

  • Data sensitivityRecord whether the vendor touches customer, employee, financial, production, or regulated data.
  • Business criticalityAssess operational dependency and replacement difficulty.

Review path

Choose the minimum review that still fits the risk.

  • Assessment depthLight review, standard questionnaire, enhanced review, or executive exception.
  • Remediation ownerAssign follow-up ownership if the review identifies gaps.