Vendor Security Review Triage Worksheet
A buyer-side worksheet for triaging vendor security reviews by risk, data access, business criticality, and review path.
Use this when procurement or security teams need to decide which vendors require lightweight review, full questionnaire, evidence request, or remediation follow-up.
Complete the triage before sending a vendor questionnaire. Use the result to choose the right assessment path and avoid over-reviewing low-risk suppliers.
| Field | Your entry | What to put here |
|---|---|---|
| Vendor name * | Name the supplier under review. | |
| Data type * | Describe the data the vendor can access or process. | |
| Criticality * | Low, medium, high, or critical. | |
| Recommended review path * | Light, standard, enhanced, or exception. | |
| Remediation notes | Track required follow-up and owner. |
Risk triage
Estimate the vendor review path before collecting evidence.
- Data sensitivityRecord whether the vendor touches customer, employee, financial, production, or regulated data.
- Business criticalityAssess operational dependency and replacement difficulty.
Review path
Choose the minimum review that still fits the risk.
- Assessment depthLight review, standard questionnaire, enhanced review, or executive exception.
- Remediation ownerAssign follow-up ownership if the review identifies gaps.