Supplier Shield
Third-party risk management · Assessment workflow
1. Register
2. Questionnaire
3. Launch
4. Collect
5. Evaluate
6. Rate
Step 1: Register the supplier in the supplier register. Capture key metadata, risk level, and contact information.
Supplier name: CloudSecure AG
Category: Cloud hosting
Risk level: High risk
Contact: j.mueller@cloudsecure.ch
Contract end: 31 Dec 2026
Step 2: Build a questionnaire template with categorised questions and criticality levels. Templates are reusable across multiple suppliers and support EN, DE, FR, ES.
Category | Question | Criticality
Access | Is MFA enforced for all admin accounts? | High
Access | Are access reviews performed quarterly? | High
Data | Is data encrypted at rest and in transit? | High
Data | Is there a data retention policy? | Medium
Incident | Is there a documented incident response plan? | Medium
BCP | Are backups tested annually? | Low
Step 3: Launch an assessment. Select the supplier, questionnaire, language, who responds, and who evaluates.
Responder
  Supplier: Supplier answers via a secure portal link sent by email
  Me (Self): You fill out the questionnaire based on audit or documentation review
Evaluator
  Me (Self): You review and evaluate answers as a subject-matter expert
  Expert Team (PRO): Professional evaluation team reviews on your behalf. Uses 1 PRO token.
Language: English
Due date: 30 Jun 2026
PRO tokens: 12 remaining
Step 4: The supplier (or you in self-assessment mode) answers each question with Yes / No / Not relevant, provides justification, and uploads evidence.
Status: Draft > On supplier > In evaluation > Completed
Question | Answer
Is MFA enforced for all admin accounts? | Yes
Are access reviews performed quarterly? | No
Is data encrypted at rest and in transit? | Yes
Is there a data retention policy? | Yes
Is there a documented incident response plan? | No
Are backups tested annually? | N/R
Step 5: The evaluator reviews questionnaire answers and marks compliance. The OSINT score provides an independent view of the supplier's digital footprint — revealing gaps between what the supplier says and what the internet shows.
Questionnaire evaluation
Question | Answer | Evaluation
Is MFA enforced? | Yes | Compliant
Quarterly access reviews? | No | Not compliant
Data encrypted at rest/transit? | Yes | Compliant
Data retention policy? | Yes | Partial
Incident response plan? | No | Not compliant
Backups tested annually? | N/R | Not evaluated
Compliant: 2
Partial: 1
Not compliant: 2
Questionnaire score: 60
OSINT digital footprint scan
OSINT score: 72 / B
CloudSecure AG · cloudsecure.ch
Scanned 10 Apr 2026 · Fresh (29 days remaining)
Category | Weight | Score
DNS & email hygiene | 15% | 85
TLS/SSL posture | 20% | 78
Web exposure | 25% | 55
Breach history | 20% | 68
Reputation & sanctions | 20% | 82
Gap analysis — what they say vs what the internet shows
Questionnaire (self-assessment): 60
OSINT scan (digital footprint): 72
Gap: +12
Step 6: Assign a final rating based on evaluation results and OSINT findings. The rating feeds back into the supplier register and tracks risk over time. Click the shields to set the rating.
Compliant: 2
Partial: 1
Not compliant: 2
OSINT score: 72/B
Rating: 2/3