Legal Templates
Supplier Security Assessment Questionnaire

Supplier Security Assessment Questionnaire for New Zealand

Supplier Security Assessment Questionnaire Template for New Zealand

A comprehensive security assessment questionnaire designed for evaluating suppliers' security controls, practices, and compliance status under New Zealand law, particularly the Privacy Act 2020 and related regulations. The document enables organizations to assess and manage third-party security risks by gathering detailed information about suppliers' security programs, data protection measures, incident response capabilities, and compliance status. It includes both mandatory and optional sections to accommodate different types of supplier relationships and industry-specific requirements.

Your data doesn't train Genie's AI

You keep IP ownership of your information

Generate a Bespoke Document

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Download a Standard Template

Get our New Zealand-compliant Supplier Security Assessment Questionnaire

4.6 / 5
4.8 / 5
Access for free
OR

Alternatively: Run an advanced review of an existing
Supplier Security Assessment Questionnaire

Let Genie AI's market-leading legal AI identify missing terms, unusual language, compliance issues and more - in just seconds.
Upload your Doc

What is a Supplier Security Assessment Questionnaire?

The Supplier Security Assessment Questionnaire is a critical risk management tool used by organizations in New Zealand to evaluate the security posture of their potential and existing suppliers. This document is designed to ensure compliance with New Zealand's Privacy Act 2020, the Contract and Commercial Law Act 2017, and other relevant regulations. It helps organizations gather comprehensive information about suppliers' security controls, data protection practices, incident response procedures, and compliance status. The questionnaire is particularly important in the context of increasing cyber threats and regulatory requirements for supply chain security. It typically forms part of the vendor due diligence process and may be used both during initial supplier selection and for ongoing supplier monitoring.

What sections should be included in a Supplier Security Assessment Questionnaire?

1. Company Information: Basic information about the supplier organization, including legal name, structure, key contacts, and business locations

2. Security Program Overview: High-level overview of the supplier's security program, including governance structure and security policies

3. Risk Management: Assessment of supplier's risk management practices, including risk assessment methodology and frequency

4. Data Protection and Privacy: Evaluation of data handling practices, privacy controls, and compliance with NZ Privacy Act 2020

5. Access Control: Assessment of logical and physical access controls, authentication methods, and privilege management

6. Network Security: Evaluation of network architecture, segmentation, monitoring, and protection measures

7. System Security: Assessment of system hardening, patch management, and configuration controls

8. Incident Management: Review of incident response procedures, breach notification processes, and business continuity plans

9. Third-Party Risk Management: Evaluation of how the supplier manages their own third-party risks and subcontractors

10. Compliance and Certification: Assessment of regulatory compliance and security certifications

What sections are optional to include in a Supplier Security Assessment Questionnaire?

1. Cloud Security Controls: Specific section for suppliers providing cloud-based services or storing data in the cloud

2. Financial Services Requirements: Additional requirements for suppliers serving financial institutions

3. Healthcare Data Protection: Specific controls for suppliers handling healthcare information

4. Government Agency Requirements: Additional controls required for suppliers working with government agencies

5. Development Security: For suppliers providing software development or maintaining applications

6. Physical Security: Detailed physical security assessment for suppliers with data centers or critical physical facilities

7. IoT Security: Specific controls for suppliers providing IoT devices or services

What schedules should be included in a Supplier Security Assessment Questionnaire?

1. Schedule A - Technical Requirements: Detailed technical security requirements and specifications

2. Schedule B - Compliance Checklist: Checklist of specific compliance requirements and standards

3. Schedule C - Required Documentation: List of security documentation that must be provided

4. Appendix 1 - Glossary: Definitions of technical terms and acronyms used in the questionnaire

5. Appendix 2 - Evidence Requirements: Specific requirements for evidence and documentation to support questionnaire responses

6. Appendix 3 - Scoring Matrix: Evaluation criteria and scoring methodology for assessing responses

7. Appendix 4 - Incident Response Template: Template for incident response and breach notification procedures

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Linkedin in social icon imageX social icon image

Jurisdiction

New Zealand

Publisher

Genie AI

Document Type

Risk Assessment Document

Sector

Risk Management

Cost

Free to use
Relevant legal definitions
Access Control
Breach
Business Continuity Plan
Confidential Information
Critical Systems
Cyber Security Incident
Data Classification
Data Processing
Data Protection
Disaster Recovery Plan
Encryption
GDPR
Information Asset
Information Security Event
Information Security Incident
Information Security Management System (ISMS)
Information System
Malicious Code
Multi-Factor Authentication
Network Security
Personal Information
Privacy Act 2020
Privacy Breach
Risk Assessment
Risk Management
Security Controls
Security Patch
Sensitive Information
Service Level Agreement
Sub-processor
Supplier
System Security
Third Party
Threat
User Authentication
Vulnerability
Vulnerability Assessment
Clauses
Information Security Governance
Risk Management
Access Control
Data Protection
Privacy Compliance
Network Security
System Security
Cloud Security
Physical Security
Asset Management
Incident Response
Business Continuity
Disaster Recovery
Vulnerability Management
Change Management
Personnel Security
Third-Party Management
Compliance and Audit
Security Training
Data Classification
Encryption
Identity Management
Application Security
Mobile Device Security
Remote Access Security
Security Monitoring
Security Reporting
Documentation Requirements
Breach Notification
Records Management
Relevant Industries

Financial Services

Healthcare

Government

Technology

Telecommunications

Utilities

Professional Services

Manufacturing

Retail

Education

Insurance

Transportation and Logistics

Relevant Teams

Information Security

Risk Management

Procurement

Vendor Management

Compliance

IT Operations

Legal

Data Protection

Security Operations

Supply Chain

Internal Audit

Relevant Roles

Chief Information Security Officer

Information Security Manager

Risk Manager

Procurement Manager

Vendor Management Officer

Compliance Officer

IT Director

Security Analyst

Data Protection Officer

Third-Party Risk Manager

Information Security Analyst

Supply Chain Manager

Privacy Officer

IT Compliance Manager

Security Operations Manager

Industries
Privacy Act 2020: Primary legislation governing the collection, use, storage, and disclosure of personal information in New Zealand. Essential for ensuring suppliers handle personal data appropriately.
Contract and Commercial Law Act 2017: Governs electronic transactions and commercial relationships, relevant for digital security measures and electronic business operations.
Public Records Act 2005: Important for suppliers dealing with public sector organizations, setting requirements for record-keeping and information management.
Crimes Act 1961 (particularly sections relating to computer crimes): Relevant for cybersecurity requirements and legal obligations regarding computer systems and data protection.
Fair Trading Act 1986: Ensures suppliers provide accurate information about their security practices and capabilities.
NZISM (New Zealand Information Security Manual): Though not legislation, it's the NZ government's manual of information assurance and information systems security, providing security standards and guidelines.
Telecommunications (Interception Capability and Security) Act 2013: Relevant for suppliers providing telecommunications services or network security solutions.
Financial Markets Conduct Act 2013: Important for suppliers handling financial data or providing services to financial institutions.
Teams

Employer, Employee, Start Date, Job Title, Department, Location, Probationary Period, Notice Period, Salary, Overtime, Vacation Pay, Statutory Holidays, Benefits, Bonus, Expenses, Working Hours, Rest Breaks,  Leaves of Absence, Confidentiality, Intellectual Property, Non-Solicitation, Non-Competition, Code of Conduct, Termination,  Severance Pay, Governing Law, Entire Agreemen

Find the exact document you need

No matches found.

Village Hall Risk Assessment

A New Zealand-compliant risk assessment template for village halls and community facilities, outlining safety procedures and hazard management strategies.

find out more

Workstation Risk Assessment

A comprehensive workstation risk assessment document aligned with New Zealand workplace safety regulations, designed to evaluate and improve workstation ergonomics and safety.

find out more

Safety Task Assessment

A New Zealand-compliant document for assessing and controlling task-specific workplace safety risks under the Health and Safety at Work Act 2015.

find out more

Security Risk Assessment Report

A detailed security evaluation document compliant with New Zealand regulations that assesses organizational security risks and provides improvement recommendations.

find out more

Risk Assessment Report Of A Company

A detailed risk evaluation document compliant with New Zealand regulations that identifies, analyzes, and provides mitigation strategies for company-wide risks.

find out more

Risk Assessment Questionnaire For Banks

A structured risk assessment tool for New Zealand banks to evaluate and document their risk profile in compliance with RBNZ requirements.

find out more

Risk Assessment Letter

A formal document under New Zealand law that outlines identified risks, their potential impacts, and recommended mitigation strategies in compliance with local health and safety regulations.

find out more

Risk Assessment For Software Development

A comprehensive risk assessment document for software development projects, aligned with New Zealand legislation and industry standards.

find out more

Rapid Risk Assessment

A structured risk assessment document compliant with New Zealand health and safety regulations, designed for swift identification and evaluation of workplace hazards.

find out more

Psychological Risk Assessment

A structured assessment document for evaluating and managing workplace psychological risks under New Zealand health and safety legislation.

find out more

Plant And Equipment Risk Assessment

A comprehensive safety assessment document for plant and equipment required under New Zealand health and safety legislation, evaluating hazards, risks, and control measures.

find out more

Mobile Plant Risk Assessment

A New Zealand-compliant risk assessment document for evaluating and controlling safety risks associated with mobile plant operations, aligned with the Health and Safety at Work Act 2015.

find out more

Matter Risk Assessment Form

A New Zealand-compliant risk assessment tool for evaluating and documenting potential risks associated with new legal matters or professional engagements.

find out more

Hot Works Risk Assessment

A New Zealand-compliant safety assessment document for managing risks associated with works involving heat, flames, or sparks.

find out more

Hazard Assessment Form

A New Zealand-compliant workplace safety document for systematic hazard identification, risk assessment, and control measure implementation.

find out more

Equipment Risk Assessment

A regulatory-compliant assessment document for identifying and managing equipment-related risks in New Zealand workplaces under the Health and Safety at Work Act 2015.

find out more

Cyber Security Risk Assessment Matrix

A structured framework for assessing and managing cyber security risks, designed specifically for New Zealand organizations in compliance with local privacy and security regulations.

find out more

Compressed Air Risk Assessment

A New Zealand-compliant risk assessment document for evaluating and managing safety risks associated with industrial compressed air systems under NZ Health and Safety regulations.

find out more

Anti Bribery Risk Assessment

A structured evaluation of organizational bribery risks and control measures under New Zealand law, providing risk assessment and compliance recommendations.

find out more

Risk Control Assessment

A New Zealand-compliant document for identifying, analyzing, and establishing control measures for organizational risks, aligned with local Health and Safety regulations.

find out more

Personal Security Risk Assessment

A New Zealand-compliant document that evaluates personal security risks and provides recommendations for protective measures and risk mitigation strategies.

find out more

Patient Manual Handling Risk Assessment

A New Zealand-compliant risk assessment framework for evaluating and managing patient manual handling risks in healthcare settings.

find out more

Latex Risk Assessment

A comprehensive latex risk assessment framework for New Zealand workplaces, aligned with local health and safety legislation and hazardous substance regulations.

find out more

Baseline Risk Assessment For Electrical Work

A New Zealand-compliant risk assessment template for electrical work safety, incorporating local regulatory requirements and industry standards.

find out more

Stairs Risk Assessment

A New Zealand-compliant assessment document for identifying and managing risks associated with stairs in buildings, aligned with local health and safety regulations.

find out more

Broad Brush Risk Assessment

A comprehensive risk assessment document compliant with New Zealand health and safety legislation, used to identify and evaluate organizational hazards and risks.

find out more

Agricultural Risk Assessment

A New Zealand-compliant risk assessment document identifying and analyzing agricultural operation hazards, providing mitigation strategies and compliance measures under NZ legislation.

find out more

Fundraising Risk Assessment

A risk assessment document for fundraising activities in New Zealand, providing comprehensive risk evaluation and mitigation strategies while ensuring compliance with local regulations.

find out more

Demolition Risk Assessment

A New Zealand-compliant risk assessment document outlining safety measures and controls required for demolition operations under NZ health and safety regulations.

find out more

Cafe Risk Assessment

A New Zealand-compliant risk assessment document for identifying and managing safety hazards in cafe operations.

find out more

Excavator Risk Assessment

A New Zealand-compliant risk assessment document for excavator operations, addressing safety requirements and hazard controls under NZ health and safety regulations.

find out more

Return To Work Risk Assessment

A New Zealand-compliant risk assessment document for managing an employee's safe return to work following absence, aligned with NZ Health and Safety legislation and ACC requirements.

find out more

Building Security Risk Assessment

A detailed evaluation of building security risks and recommendations for improvements, compliant with New Zealand regulations and building codes.

find out more

Executive Summary Risk Assessment

A strategic overview of organizational risks and mitigation strategies, prepared in accordance with New Zealand regulatory requirements and corporate governance standards.

find out more

Project Assessment Matrix

A comprehensive project evaluation tool tailored for New Zealand's regulatory environment, used to assess and score projects against predetermined criteria.

find out more

Supplier Security Assessment Questionnaire

A New Zealand-compliant security assessment tool for evaluating supplier security controls and data protection practices under local privacy and security regulations.

find out more

Modern Slavery Risk Assessment

A structured framework for assessing modern slavery risks in operations and supply chains under New Zealand law and international standards.

find out more

Vulnerability Assessment Matrix

A structured framework for assessing and prioritizing security vulnerabilities in organizational systems, compliant with New Zealand privacy and security regulations.

find out more

Hospitality Risk Assessment

A New Zealand-compliant risk assessment framework for hospitality venues, addressing operational safety and regulatory requirements.

find out more

Hazard Identification Form

A New Zealand-compliant workplace hazard identification and risk assessment form for systematic hazard management and safety control.

find out more
See more related templates

Genie’s Security Promise

Genie is the safest place to draft. Here’s how we prioritise your privacy and security.

Your documents are private:

We do not train on your data; Genie’s AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it

Generate Legal Docs Free

Create your first 2 documents for free
You keep IP ownership of your information
Your data doesn't train Genie's AI
2 Docs LeftAccess Now
*No registration required