Questionnaire (Security Questionnaire)
A security questionnaire is a structured set of questions sent to a vendor to collect self-reported information about their security controls, compliance status, and risk practices. Security questionnaires are a foundational tool in vendor due diligence, though their accuracy depends on honest and complete vendor responses. Common frameworks include the Standardized Information Gathering questionnaire (SIG) and the Cloud Security Alliance's Consensus Assessments Initiative Questionnaire (CAIQ). Best practice combines questionnaire evidence with outside-in technical ratings for a complete, independently verified picture.