Free Questionnaire

Every year, we publish a free vendor questionnaire for use by any company to vet their supplier's security practices (third party risk) free of charge.

VSA members also gain access the our hosted questionnaire so their vendors may complete it easily.

Faster, Better, Cheaper

Members of the VSA may leverage our network of third party auditors, to carry out risk based assessments of their vendors; enabling members to assess more vendors, faster and cheaper than ever before.

More vendor audits significantly lowers existing vendor risk. Swap out insecure vendors for those with better security practices.

Regulatory Compliance

Insecure vendors are the most common cause of data breaches.

Regulators require companies to carry out risk-based analysis of the security practices of their vendors. The VSA is an industrial security standard that can be leveraged to ensure compliance with the EU General Data Protection Regulation (GDPR) and similar regulations.

Mission Statement

The Vendor Security Alliance (VSA) is a coalition of companies committed to improving Internet security.

Every day, industries across the globe depend on each other to embrace sound cybersecurity practices: yet in the past companies have not had a standardized way to assess the security of their peers. The VSA was formed to solve these issues and streamline vendor security compliance.

In collaboration with the VSA, top security experts and experienced compliance officers will release a yearly questionnaire to benchmark their risk. Companies can leverage this questionnaire to qualify vendors and ensure the appropriate controls are in place to improve security for everyone.

The VSA is organized as a non-profit organization. Any company interested in our mission may apply for membership.

The first questionnaire was released on October 1st 2016.

The recent questionnaire was released in January 2019 and is available below.

Founding Companies

Companies that joined since 2016

How it works

Members can leverage our international network of auditors:

Send the VSA your vendor list

We first check if we have recently audited your vendors. If yes, you can immediately access these reports, once the vendor consents to share it. Otherwise we proceed to step 2.

Vendor Contacted

The vendor will be contacted. They will the fill out the VSA questionnaire via our SAAS partner. Once this is completed we move to step 3.

Auditor Assigned

When the vendor questions are submitted, an auditor will be assigned. The auditors interviews the vendor to ensure consistency and accuracy of the submitted results.

Report Generated

The report will leverage the scoring process created by the working group. The member will have access to both a summary report and the detailed answers the vendor submitted.


The Board is drawn from senior leaders in compliance and security

Dr. Ken Baylor

Dr. Ken Baylor

Former Head of Compliance at Uber and CISO at Symantec.

Dane Stuckey

Dane Stuckey

Acting CISO at Palantir Technologies.

Nate Jones

Nate Jones

Security Program Manager at Airbnb

Gary Miller

Gary Miller

Head of Information Security at TaskUs

Fredrick Lee

Fredrick Lee

Head Of Information Security at Square

Todd Redfoot

Todd Redfoot

Chief Privacy and Risk Officer at Go Daddy Software

Karim Adib

Karim Adib

Senior Director of Science and Engineering at RapportBoost.AI

Bala Natarajan

Bala Natarajan

Senior Manager Information Security at Pivotal