Automate security questionnaires
Automate security questionnaires to get deeper insights into your vendors’ security and scale your security team by 10x. Use our industry-leading questionnaire library or build your own questionnaires from scratch.
Never miss a vendor assessment deadline
Send standard or custom questionnaires to your vendors, configure questionnaire due dates, and set regular reminders to ensure they're completed.
Don't spend hours analyzing vendor risks
Risks are automatically identified and surfaced based on vendor responses for you to request remediation or waive them.
Seamlessly remediate vendor risks
Collaborate with vendors on mitigating risks using the risk assessment workflow, correspond in-line for specific vendor responses using auditable, built-in messaging, or simply add internal notes.
Lightweight, specialised TPRM platform
"UpGuard has the flexibility of having multiple bespoke questionnaire templates, and the platform is able to list the risks when a third party responds negatively, so that an internal risk team can either waive the risk or request remediation."
Insurance Executive
Enterprise Company (> 1000 emp.)
Automate security questionnaires
Automate security questionnaires to get deeper insights into your vendors’ security and scale your security team by 10x. Use our industry-leading questionnaire library or build your own questionnaires from scratch.
Select multiple vendors, set deadlines and reminders for questionnaire completion.
View risks identified automatically based on
questionnaire responses and request remediation
.png)
.png)
Easily collaborate with vendors on their responses and remediation using built-in messaging
Questionnaire Library
Use questionnaires based on regulations and best practices from our industry-leading library.
ISO 27001 Questionnaire
Assesses an organization's security posture against the ISO 27001 standard with risks mapped against ISO 27001 domains. It is also suitable for the assessment of APRA CPS 234 requirements.
CyberRisk Questionnaire
Provides a comprehensive assessment of an organization's security posture, from their policy framework right down to their technical controls. It comprises four sections: Security and Privacy Programs, Physical and Data Center, Infrastructure, and Web Applications.
Higher Education Community Vendor Assessment Tool (HECVAT) Questionnaire
Assesses the vendor risk of higher education institutions, to ensure all cloud services utilised are appropriately assessed for security and privacy needs.
Health Insurance Portability and Accountability Act (HIPAA) Questionnaire
The Health Insurance Portability and Accountability Act (HIPAA) questionnaire determines if vendors with access to Protected Health Information (PHI) align with the United States HIPAA standard. HIPAA compliance is regulated by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR).
Short Form Questionnaire
A condensed version of the CyberRisk Questionnaire, designed to be sent to smaller organizations. It focuses on the information security risks smaller organizations are typically exposed to, such as their backup process and email security concerns, while avoiding areas where small organizations are typically less mature (such as their information security policy framework).
SolarWinds Questionnaire
Designed to help you assess your vendors that may use SolarWinds.
NIST Cybersecurity Framework Questionnaire
Assesses an organization's security posture against the NIST Cybersecurity Framework.
Apache Log4J - Critical Vulnerability Questionnaire
Discovers third-party vendors that are using software or cloud services impacted by the Log4j vulnerability, either directly or via supply chains.
Kaseya Questionnaire
To help determine if you or your vendors were exposed to the sophisticated supply chain ransomware attack that affected Kaseya.
Security and Privacy Program Questionnaire
Focuses solely on an organization's security and privacy program.
Web Application Security Questionnaire
Focuses solely on an organization's web application security controls.
PCI DSS Questionnaire
Assess an organization's adherence to the twelve requirements of PCI DSS.
Modern Slavery Questionnaire
Designed to identify modern slavery risks, address identified risks, and highlight areas requiring further due diligence.
Pandemic Questionnaire
Designed to help you assess the impact of any current or future pandemics.
Infrastructure Security Questionnaire
Focuses solely on an organization's infrastructure security controls.
Essential Eight Questionnaire
Assesses compliance against the requirements of the Essential Eight framework, as determined by the Australian Signals Directorate (ASD).
Physical and Data Centre Security Questionnaire
Focuses solely on an organization's physical and data center security controls.
California Consumer Privacy Act (CCPA) Questionnaire
Assesses whether a vendor is compliant with the personal information disclosure requirements outlined in CCPA.
COBIT 5 Security Standard Questionnaire
Assesses compliance against the Control Objectives for Information and Related Technologies Framework created by ISACA.
ISA 62443-2-1:2009 Security Standard Questionnaire
Assesses compliance against the ISA 62443-2-1:2009 standard for industrial automation and control systems.
ISA 62443-3-3:2013 Security Standard Questionnaire
Assesses compliance against technical control system requirements associated with the seven foundational requirements (FRs) described in IEC 62443-1-1.
GDPR Security Standard Questionnaire
Assesses compliance with the personal information disclosure requirements outlined in the European Union's General Data Protection Regulation (GPDR).
CIS Controls 7.1 Security Standard Questionnaire
Assesses compliance against the best practice guidelines for cybersecurity outlined in 20 CIS Controls.
NIST SP 800-53 Rev. 4 Security Standard Questionnaire
Assesses compliance against the security and privacy controls required for all U.S. federal information systems except those related to national security.
