Supplier Cyber Security Self-Assessment

Name of Company Requesting this Assessment:

* Entering the name here will automatically update the text below.

1. Introduction & Business Context

Focus: Generic introduction and questions on business context.

This self-assessment is intended to provide both your organization, and [Client Name] with insights on Information & Cyber Security. The objective is to:

Identify the level of maturity of Information & Cyber Security.
Based on that, identify area's that might need specific attention.
For identified attention-area's, together, agree on improvement activities.

All questions are asked in the context of your organization as supplier of [Client Name].

The assessment includes the following parts:

This introduction and questions about the business context
Questions about any Third Party Assurance that might be available
The self-assessment questionnaire

The Supplier Security team of [Client Name] will evaluate the information you provide and - based on that - will contact you about either the assessment outcome or for further alignment on specific topics.

In case of any questions regarding this questionnaire, the assessment-process or other related topics, then please contact the [Client Name] Supplier Security team via: supplier.security@[Client Name].com

Organization Details

1. Please provide the name of your company. 2. Please provide your contact information. 3. Are you the correct contact for your organization? 4. Description of products/services provided to [Client Name]. 5. Please provide information about how Information & Cyber Security are organized in your organization. 6. Please give high level information about Information & Cyber Security in relation to the organizational structure.

2. Third Party Assurance

1. Do you have any third party assurance reports (e.g., ISO 27001, SOC2)?

This question specifically relates to any assurance that you might have (e.g. ISO 27001) for the business entities, locations and processes that provide products or services to [Client Name].

In case of a 'Yes', you can provide more information by answering additional questions below. In case of a 'No', you can provide - if relevant - information about any intentions or efforts that relate to future third party assurance.

2. Please specify which assurance reports are in place and available. Upload Evidence / Certificates

+ Click to Attach Certificate Images

(Supported: .png, .jpg, .jpeg)

If Third Party Assurance is available, please specify which assurance reports apply. Examples: ISO 27001, ISAE3000 / ISAE3402, SOC 2 type II, TISAX, CYRA (Specify Type and Level), Other...

It is important to specify if, and to what extent, the reports cover the business entities, locations and processes that provide products or services to [Client Name].

Information & Cyber Security Self-Assessment

1. Introduction & Business Context

Organization Details

2. Third Party Assurance

3. Self-Assessment Questionnaire

Assessment Report

Executive Summary

Category Performance Breakdown

Control Checklist & Compliance Status

Assessment Complete

Appendix: Supporting Evidence