Design a vendor security questionnaire.
Vendor Risk
Third-Party Risk Assessment
A vendor review workflow covering due diligence, control questions, risk scoring, and onboarding recommendations.
- Organization: Cybersecurity Internship Portfolio
- Duration: 2 weeks
- Project Type: Vendor Risk
Business Context
Why the work mattered
Third-party services can introduce operational, compliance, and data protection risk. This project created a practical assessment model for reviewing vendors before onboarding or renewal.
Objectives
Engagement goals
- Classify vendor criticality by data and business dependence.
- Document risk scoring and review outcomes.
- Recommend follow-up actions for high-risk vendors.
Methodology
Structured process
The methodology explains how the work moved from context gathering to documented recommendations.
Step 1
Criticality Review
Determine review depth based on business dependence.
Classified vendors by data access, service importance, and operational impact.
Step 2
Questionnaire Design
Collect relevant security evidence.
Built questions covering access, encryption, incident response, business continuity, and compliance.
Step 3
Scoring
Compare vendors consistently.
Developed criteria for low, medium, and high-risk outcomes.
Deliverables
Artifacts produced
Vendor Security Questionnaire
Assessment template for collecting relevant vendor security information.
Improves consistency and evidence quality during vendor reviews.
Skills Demonstrated
Professional competencies
Outcomes
Project impact
- Vendor review criteria became more consistent.
- Security and business stakeholders gained a shared risk language.
Lessons Learned
Professional growth
Discuss GRC opportunities
Contact Osen after reviewing this project or download the resume for a concise overview.