Home
Wyze Words
Our Services
Essential 8 (E8) Assessment & Audit
Essential 8 (E8) vs SOC 2
Cyber Strategy & Solutions
Data Loss Prevention (DLP)
DISP Cyber Consulting and Technical Services
Defence Industry Security Program (DISP)
Independent Cyber Advice
About
Contact Us
1300 744 915
Vendor Risk Assessment
Transparent and Open
Step 1 of 5 (20%)
Company (Required)
Company Website (Required)
ABN / ACN (Required)
Submitter (Required): First Name, Last Name
Email (Required): Enter Email, Confirm Email
Position / Job Title (Required)
Industry Type (Required)
Advertising
Agriculture
Banking
Construction
Creatives
Data Management
Education
Entertainment
Fashion
Finance
Hospitality
Marketing
Retail
Services
Technology
Other
1. Cyber Security Governance & Risk Management
Provide an overview of your cyber security governance framework. Who is responsible for cyber security in your organisation, and how is it managed at an executive level? (Required)
Describe the cyber security policies your organisation has in place, including data breach response, privacy, access control, and third-party risk management. (Attach copies where applicable.) (Required)
Files (if applicable; max. file size 8 MB)
How often are your cyber security policies reviewed and updated, and how do you ensure compliance with evolving regulatory requirements? (Required)
Explain your organisation’s approach to identifying, assessing, and mitigating cyber risks. How is risk assessment performed, and how are risks documented? (Required)
Have you experienced a cyber incident, data breach, or security compromise in the past 24 months? If so, provide details on the incident, response actions taken, and lessons learned. (Required)
2. Data Protection & Sovereignty
Where is data stored, processed, and backed up? List all cloud providers, data centres, and jurisdictions involved in the handling of our data. (Required)
What measures are in place to ensure data sovereignty requirements are met, including regulatory obligations to store data within Australia (or the relevant jurisdiction)? (Required)
Describe the encryption protocols applied to data at rest and in transit. How do you manage encryption keys, and what access controls protect sensitive data? (Required)
What is your organisation’s approach to data classification, retention, and secure deletion? Provide a high-level summary of your data retention policy. (Required)
Do you have contractual agreements with your own vendors and cloud providers to ensure data security and compliance? Provide details on how these contracts are enforced. (Required)
3. Access Control & Identity Management
Describe your approach to access management, including user authentication, privileged account controls, and multi-factor authentication (MFA) policies. (Required)
How do you manage access for external contractors, third-party vendors, and temporary staff who interact with your systems and data? (Required)
What processes are in place to monitor and audit system access, detect unauthorised activity, and respond to potential breaches? (Required)
How is user access reviewed and revoked when employees or contractors leave the organisation or change roles? (Required)
Do you conduct regular security awareness training for staff, including phishing simulations, social engineering tests, and policy compliance training? (Required)
4. Incident Response & Business Resilience
Provide an overview of your Incident Response Plan (IRP). How do you detect, respond to, and recover from cyber incidents? (Attach a summary or table of contents if available.) (Required)
Files (if applicable; max. file size 8 MB)
How frequently do you conduct cyber incident response exercises, and what stakeholders are involved in these drills? (Required)
Outline your Business Continuity and Disaster Recovery Plans (BCP/DRP). How do you ensure operational resilience in the event of a cyber attack, data loss, or service disruption? (Required)
In the event of a security breach affecting our data, what is your notification process, and what information would be provided to us? (Required)
What cyber insurance coverage does your organisation maintain? What specific risks are covered (e.g., third-party liability, data breach costs, business interruption)? (Required)
5. Supply-Chain & Third-Party Risk Management
Describe your approach to vendor risk management. How do you assess and monitor security risks in your own supply chain? (Required)
What due diligence do you perform on third-party providers before onboarding them, and how do you ensure their ongoing compliance with security policies? (Required)
Do you subcontract or outsource any services that may impact our data security? If so, provide details on the security controls in place for these arrangements. (Required)
What contractual protections are in place to ensure that your third-party providers adhere to required security and data protection standards? (Required)
How do you ensure that security vulnerabilities identified in your supply chain are remediated in a timely manner? (Required)
6. Compliance, Audits & Industry Standards
List the cyber security frameworks, industry certifications, or compliance standards your organisation adheres to (e.g., ISO 27001, SOC 2, Essential 8, DISP, NIST CSF, GDPR, CPS 234). (Required)
When was the last external security audit, penetration test, or compliance assessment conducted? Provide a high-level summary of the findings and remediation actions taken. (Required)
How do you ensure compliance with data protection regulations (e.g., Australian Privacy Act, GDPR, CCPA)? What mechanisms are in place to prevent non-compliance? (Required)
Would you be willing to undergo an independent security assessment or provide evidence of internal/external audits as part of our ongoing risk review? (Required)
What additional risk mitigation measures do you have in place that differentiate your security posture from industry peers? (Required)