Vendor Security Alliance (VSA) - Full Questionnaire

By : 6clicks
Designed to help companies evaluate their supplier's security practices and streamline vendor security compliance. The questionnaire contains seven different sections: Data protection and access controls Security policies and procedures Proactive security measures Reactive security measures Software supply chain management Customer-facing application security Compliance
In stock


The Vendor Security Alliance (VSA) is a coalition of companies committed to improving Internet security. Every day, industries across the globe depend on each other to embrace sound cybersecurity practices: yet in the past companies have not had a standardized way to assess the security of their peers. The VSA was formed to solve these issues and streamline vendor security compliance.

In collaboration with the VSA, top security experts and experienced compliance officers will release a yearly questionnaire to benchmark their risk. Companies can leverage this questionnaire to qualify vendors and ensure the appropriate controls are in place to improve security for everyone.

The VSA is organized as a non-profit organization. Any company interested in our mission may apply for membership.

The first questionnaire was released on October 1st 2016. The 2019 VSA-Full questionnaire was released on Jan 1st 2019, while the 2019 VSA-CORE was released October 24th, 2019.

Regulators require companies to carry out risk-based analysis of the security practices of their vendors. The VSA is an industrial security standard that can be leveraged to ensure compliance with the EU General Data Protection Regulation (GDPR), the California Consumer Protection Act (CCPA), and similar regulations. Become a member now to get all the benefits.

The VSA issues two free questionnaires, which will be updated annually:

VSA-Full: This is the classic VSA questionnaire which focuses deeply on vendor security. It is used by thousands of companies globally.

VSA-Core: This questionnaire, first available on October 24th, 2019, comprises the most critical questions on vendor security in addition to privacy. The privacy section covers both US Privacy (data breach notification requirements plus the new California data privacy law (CCPA)), plus EU Privacy (General Data Protection Regulation (GDPR)).

Getting Started

Click "Book a demo" and our team will provide you with an overview of our content library within the 6clicks GRC platform.

More Information

More Information
Jurisdiction All
Type Assessment