CONFIDENTIAL — FOR AUTHORIZED USE ONLY  |  REACTFORCE SECURITY & RISK REVIEW
Reactforce logo
Reactforce Vendor Security QuestionnaireCybersecurity. Business. Resilience.
Version 2.0 NIST CSF 2.0 NCUA ACET GLBA Safeguards 22 Sections · Security Review
0 answered
Navigation
  • —Vendor Info
  • 01Data Governance
  • 02Data Location
  • 03People & Access
  • 04Devices & Endpoints
  • 05Network Security
  • 06DNS & DDoS
  • 07Vulnerability Mgmt
  • 08Application Security
  • 09Monitoring & SOC
  • 10Your Vendor Risk
  • 11Incident Response
  • 12Business Continuity
  • 13Assessments & Audits
  • 14Compliance & Certs
  • 15Governance
  • 16Authentication
  • 17Access Control
  • 18Training
  • 19Data Security
  • 20Insurance
  • 21AI Governance
  • 22Change Notification
  • —Attestation
Answered 0 / 65
📋

Completion Instructions

Complete all fields in the Vendor Information section below.

For each question, select Yes, No, or N/A.

Use the Evidence / Comments field to support your response — especially where explanation is requested.

Attach supporting documentation where referenced (SOC 2, pen test, BCP attestation, etc.).

An authorized representative must complete and submit the Attestation at the end.

Return to your designated the Client contact securely.

🏢

Vendor Information

Required
📂

1. Data Governance & Privacy

Q1–5
#  QuestionResponseEvidence / Comments
🌐

2. Data Location & Storage

Q6–9
#  QuestionResponseEvidence / Comments
👥

3. People & Access Controls

Q10–14
#  QuestionResponseEvidence / Comments
💻

4. Devices & Endpoint Security

Q15–19
#  QuestionResponseEvidence / Comments
🔒

5. Network Security

Q20–25
#  QuestionResponseEvidence / Comments
🛡️

6. DNS & DDoS Protection

Q26–27
#  QuestionResponseEvidence / Comments
🔍

7. Vulnerability & Patch Management

Q28–32
#  QuestionResponseEvidence / Comments
🛠️

8. Application Security

Q33–36
#  QuestionResponseEvidence / Comments
📊

9. Security Monitoring & SOC

Q37–40
#  QuestionResponseEvidence / Comments
🤝

10. Your Vendor Risk Management (Fourth-Party)

Q41–44
#  QuestionResponseEvidence / Comments
🚨

11. Incident Response

Q45–49
#  QuestionResponseEvidence / Comments
🏛️

12. Business Continuity & Disaster Recovery

Q50–54
#  QuestionResponseEvidence / Comments
📋

13. Assessments, Audits & Penetration Testing

Q55–58
#  QuestionResponseEvidence / Comments
✅

14. Compliance & Certifications

Q59–61
#  QuestionResponseEvidence / Comments
🏛️

15. Cybersecurity Governance

Q62–65
#  QuestionResponseEvidence / Comments
🔑

16. Authentication & Password Security

Q63–65
#  QuestionResponseEvidence / Comments
🚪

17. Access Control

#  QuestionResponseEvidence / Comments
🎓

18. Security Awareness & Training

#  QuestionResponseEvidence / Comments
🛡️

19. Data Security & Breach History

#  QuestionResponseEvidence / Comments
📁

20. Insurance

#  QuestionResponseEvidence / Comments
🤖

21. Artificial Intelligence (AI) Governance

#  QuestionResponseEvidence / Comments
🔔

22. Material Change Notification

#  QuestionResponseEvidence / Comments

Vendor Attestation & Signature

By signing below, the authorized representative of the vendor organization attests that the information provided in this questionnaire is accurate and complete to the best of their knowledge, and that the vendor organization will promptly notify the Client of any material changes to the information provided.
  • The information provided in this questionnaire is true, accurate, and complete to the best of my knowledge.
  • I am authorized to provide this information on behalf of my organization.
  • My organization will notify the Client within 24 hours of any confirmed or suspected incident affecting PII/PHI/CUI data.
  • My organization will notify the Client of material changes to this questionnaire's responses within 30 days of such change.
Reactforce — Third-Party Risk Management Program
Return completed form securely to your designated Reactforce contact. Version 2.0 · March 2026.
0

Modern Solutions. Secure Foundations. Smarter Growth.

(800) 881-5694

Copyright © 2026 Reactforce, LLC - All Rights Reserved

Privacy Policy