We are a coalition of companies committed to improving Internet security.
Every day, industries across the globe depend on each other to embrace sound cybersecurity practices: yet in the past companies have not had a standardized way to assess the security of their peers. The VSA was formed to solve these issues and streamline vendor security compliance.
Download Our FREE Questionnaires
The VSA issues two free questionnaires, which will be updated annually:
VSA-Full: This is the classic VSA questionnaire which focuses deeply on vendor security. It is used by thousands of companies globally.
VSA-Core: This questionnaire, first available on October 24th, 2019, comprises the most critical questions on vendor security in addition to privacy. The privacy section covers both US Privacy (data breach notification requirements plus the new California data privacy law (CCPA)), plus EU Privacy (General Data Protection Regulation (GDPR)).
Become a member of the VSA
Members of the VSA may leverage our network of third party auditors, to carry out risk based assessments of their vendors; enabling members to assess more vendors, faster and cheaper than ever before.
More vendor audits significantly lowers existing vendor risk. Swap out insecure vendors for those with better security practices..
How it works
Many member companies outsource their vendor due diligence to the VSA. We provide a low-cost end-to-end service where 1) your vendor completes your selected questionnaire online 2) the results are audited by an experienced auditor, and answers are verified by a follow up interview if needed 3) You will receive an executive summary report for quick decision making, in addition to the completed questionnaire.
1. Send your vendor list
We first check if we have recently audited your vendors. If yes, you can immediately access these reports, once the vendor consents to share it.
2. Contact Vendors
The vendor will be contacted. They will the fill out the VSA questionnaire via our SAAS partner. Once this is completed we will assign an auditor.
3. Assign Auditor
When the vendor questions are submitted, an auditor will be assigned. The auditors interviews the vendor to ensure consistency and accuracy of the submitted results.
4. Generate Report
The report will leverage the scoring process created by the working group. The member will have access to both a summary report and the detailed answers the vendor submitted.Why use VSA?
Insecure vendors are the most common cause of data breaches.
Regulators require companies to carry out risk-based analysis of the security practices of their vendors. The VSA is an industrial security standard that can be leveraged to ensure compliance with the EU General Data Protection Regulation (GDPR), the California Consumer Protection Act (CCPA), and similar regulations. Become a member now to get all the benefits.About Us
The Vendor Security Alliance (VSA) is a coalition of companies committed to improving Internet security.
Every day, industries across the globe depend on each other to embrace sound cybersecurity practices: yet in the past companies have not had a standardized way to assess the security of their peers. The VSA was formed to solve these issues and streamline vendor security compliance.
In collaboration with the VSA, top security experts and experienced compliance officers will release a yearly questionnaire to benchmark their risk. Companies can leverage this questionnaire to qualify vendors and ensure the appropriate controls are in place to improve security for everyone.
The VSA is organized as a non-profit organization. Any company interested in our mission may apply for membership.
The first questionnaire was released on October 1st 2016.
The 2019 VSA-Full questionnaire was released on Jan 1st 2019, while the 2019 VSA-CORE was released October 24th, 2019. Both are available to download.
Founding Companies
Some of our Members
Contact Us
