VENDOR ASSESSMENTS
From questionnaire to risk assessment
Automated vendor assessment with framework templates, scoring and gap analysis.
TEMPLATES
Ready-made templates for every framework
Start with best-practice questionnaires or create your own. Every template is customizable.
ISO 27001
Query Annex A controls. Assess vendors against ISO 27001.
TISAX
Check VDA ISA requirements. Assess automotive vendors.
DSGVO / GDPR
Check data protection compliance. Cover Art. 28 processing agreements.
NIS2
Check critical infrastructure requirements.
Create your own
Custom questionnaires for your specific requirements.
QUESTIONNAIRE
What an assessment looks like
Vendors answer structured yes/no questions. Automatically evaluated.
ISO 27001 Vendor Assessment
Does the vendor have a documented ISMS? Yes
Are regular risk assessments conducted? Yes
Is there an incident response process? Yes
Are employees trained regularly? No
Is a business continuity plan in place? Yes
Are access rights granted on a least-privilege basis? No
PROCESS
How an assessment works
Choose template
Choose from the library or create your own questionnaire.
Assign vendor
Define the contact person at the vendor.
Send assessment
Automatic dispatch via email with access credentials.
Reminders & tracking
Automatic reminders. Status visible at any time.
Validate responses
Review received answers and ask follow-up questions if needed.
Scoring & gap report
Automatic risk score and gap analysis against controls.
SCORING
Transparent evaluation
Traceable, weighted and automated. No room for interpretation.
Scoring methodology
Responses are automatically scored. Each question has defined criteria and points.
Weighting
Weight categories individually. Data protection can count more than physical security.
Risk classification
Automatic classification: critical, high, medium, low. Recommendations included.
Automate vendor assessments
Let us show you how Kopexa handles questionnaires, scoring and gap analysis for you.