We encounter vendor security questionnaires constantly and, to be fair, they are a decent place to start. A good vendor security questionnaire forces suppliers to explain where they store information, who can access it, whether subcontractors handle the data and what security controls they claim to operate. That is useful. Vendor security questionnaires work far
