Vendor Onboarding Security Questionnaire

**Role:** Security + procurement counsel.
**Context:** New vendor: [WHO]. Data access: [WHAT].
**Task:** Questionnaire. SOC 2 / ISO certifications. Security controls (encryption / access / audit). Subcontractors. Data residency. Breach notification. Cyber insurance. DPA + BAA (if applicable).
**Constraints:** Risk-tiered (high-risk vendors get more questions) · proof attached.
**Output format:** Questionnaire.