Free Questionnaire

Every year, we publish a free vendor questionnaire for use by any company to vet their supplier's security practices (third party risk) free of charge.

VSA members also gain access the SAAS version.


Faster, Better, Cheaper

Members of the VSA may leverage our network of third party auditors, to carry out risk based assessments of their vendors; enabling members to assess more vendors, faster and cheaper than ever before.

More vendor audits significantly lowers existing vendor risk. Swap out insecure vendors for those with better security practices.

Regulatory Compliance

Insecure vendors are the most common cause of data breaches.

Regulators require companies to carry out risk-based analysis of the security practices of their vendors. The VSA is an industrial security standard that can be leveraged to ensure compliance with the EU General Data Protection Regulation (GDPR) and similar regulations.

Mission Statement


The Vendor Security Alliance (VSA) is a coalition of companies committed to improving Internet security.

Every day, industries across the globe depend on each other to embrace sound cybersecurity practices: yet in the past companies have not had a standardized way to assess the security of their peers. The VSA was formed to solve these issues and streamline vendor security compliance.

In collaboration with the VSA, top security experts and experienced compliance officers will release a yearly questionnaire to benchmark their risk. Companies can leverage this questionnaire to qualify vendors and ensure the appropriate controls are in place to improve security for everyone.

The VSA is organized as a non-profit organization. Any company interested in our mission may apply for membership.

The first questionnaire was released on October 1st 2016 and is available below.

The second questionnaire will be released on December 1st 2017.

Companies that joined in 2016


Companies that joined in 2017

How it works

Members can leverage our international network of auditors:


Send the VSA your vendor list

We first check if we have recently audited your vendors. If yes, you can immediately access these reports, once the vendor consents to share it. Otherwise we proceed to step 2.

Vendor Contacted

The vendor will be contacted. They will the fill out the VSA questionnaire via our SAAS partner. Once this is completed we move to step 3.

Auditor Assigned

When the vendor questions are submitted, an auditor will be assigned. The auditors interviews the vendor to ensure consistency and accuracy of the submitted results.

Report Generated

The report will leverage the scoring process created by the working group. The member will have access to both a summary report and the detailed answers the vendor submitted.

Board of Directors

The Board is drawn from senior leaders in compliance and security