Vendor privacy assessment reference

Based on the National Institute of Standards and Technology (NIST) Privacy Framework, the Osano Vendor Privacy Questionnaire allows you to evaluate a vendor’s privacy posture to understand potential risks and what measures may be appropriate to minimize them. Respondents will provide information about the structures, controls, and obligations related to their data privacy programs as well as measures they use to protect against data security incidents.

Governance. This section allows you to understand which organizational structures the respondents have in place to manage privacy risk, including policies, roles, procedures, and processes. Respondents will provide information on certifications, training, and their overall privacy risk strategy.

Control. This section includes information on policies, processes, and procedures intended to manage and minimize risk. Respondents will provide information about controls related to problematic data actions, authorization, and data subject rights.

Communication. This section allows you to understand how organizations maintain transparency and communicate data privacy policies and incidents. Respondents will provide details about record-keeping, disclosures, and breach communications.

Protection. In this section respondents will provide information about the data protection measures in place to ensure security during data processing.