Vendor Risk Assessment Checklist

Purpose

This checklist helps you assess risks before engaging a new IT vendor.

Assessment Areas

• Data access: What data will the vendor access?
• Security: Do they have ISO 27001 or equivalent?
• Compliance: Are they DPDP Act compliant?
• Financial stability: Are they financially stable?
• Business continuity: Do they have a BCP/DR plan?
• References: Can they provide client references?

Decision

If any critical area scores below 3, consider alternatives or require remediation before engagement.