Purpose and Scope
This article defines the standard internal process for handling vendor requests for security questionnaires, security assessments, and security-related documentation. It ensures requests are handled consistently, securely, and within approved response SLAs.
Intake Process
Vendor submits a request via:
Zendesk ticket
Email to Support or Security
Account Manager escalation to Support
Support Team responsibilities:
Create or update a Zendesk ticket
Acknowledge receipt of the submitted request
Review the request details and any stated deadlines
Assign the appropriate priority based on the definitions below
Route the ticket to:
Security team as primary owner
Shane / Yoram
CC: Alfred on Zendesk ticket for visibility
Priority Levels and SLAs
Specific SLAs to be determined. Check back for updates.
Communication Guidelines
Always confirm receipt of the request and assigned priority.
Do not commit to timelines outside the approved SLAs without Security leadership approval.
If delays are expected:
Notify the vendor before the SLA expires
Provide an updated estimated completion date
Escalation Guidelines
Escalate immediately if:
The vendor requests information outside approved disclosures
There is uncertainty around data sensitivity or legal risk
The request appears related to a potential security incident
Escalation contacts:
Security Team (Shane / Yoram)
Leadership for SLA exceptions
Key Reminders
SLA assignment is based on risk and urgency, not vendor pressure.
All vendor security questionnaire requests must follow this process.
Consistency protects the company and our customers.