Cybersecurity Due Diligence Questionnaire

Summary

This template provides a list of questions to consider when developing a cybersecurity plan, and includes governance, general cybersecurity risk management, and past experience considerations. This template contains practical guidance and drafting notes. This questionnaire can be sent to suppliers and other third parties with whom you do business to establish the nature and extent of their information security and cybersecurity arrangements. It may also be called an information security supplier audit or cybersecurity supplier audit. It is not intended to be a comprehensive document for the telecommunications, financial services, or other essential services sectors, but rather it is aimed at compliance professionals in general commercial organisations. For a full listing of related data security & privacy content for first-year associates, see First-Year Associate Resource Kit: Data Security and Privacy. For a full listing of data security content that applies to federal government agencies, see Data Security & Privacy for Government Agencies Resource Kit. For a full listing of key content covering cybersecurity issues in ERISA benefit plans, see Cybersecurity Risk Management for ERISA Plans Resource Kit.