Vendor Information
Vendor / Company Name *
Primary Contact Name *
Primary Contact Title
Primary Contact Phone
Primary Contact Email *
IT / Security Contact (if different)
IT / Security Company (if outsourced)
IT / Security Phone
IT / Security Email
Describe your cybersecurity and privacy operations
If yes, please describe the conflict(s).
If yes, which agency / agencies?
If yes, please describe.
If yes, list countries.
If no, describe exceptions and roles involved.
Subcontractor country of origin.
Type of work performed by subcontractors.
If yes, please explain.
Information Security Practices
Answer options for each item: Yes / No / Partial / Not applicable
Business Continuity Plan *
Cybersecurity or Information Security Policy *
Incident Response Plan *
Records Retention Policy *
SOC 1 / SOC 2 / SSAE-18 Reports *
ISO Certification *
Secure Disposal Procedures *
Physical Safeguards (locked server rooms, key-card access) *
Remote Work Policies *
Firewalls & Intrusion Prevention *
Encryption of data in transit and at rest *
Remote Wipe Capability *
Strong Password & MFA Enforcement *
VPN for Remote Log-In *
Company-Issued Devices Only *
Mobile Device Management (MDM) *
Virus & Malware Protection *
Network Monitoring / SIEM *
Penetration Testing *
Vulnerability Assessments *
Restrictions on Removable Media *
Patch Management Program *
Cybersecurity Insurance *
Terminated Employee Access Revocation *
Least Privilege / Role-Based Access Control *
Access Rights Reviewed Annually *
Backup & Redundancy Procedures *
Data Loss Prevention (DLP) Solution *
Fraudulent Wire Change Prevention (call-back policy) *
Documents: please email SOC 2 reports, ISO certificates, and policies to
vdd@mtradecraft.com — do not upload them here.
By submitting, you certify the responses are true and complete to the best of
your knowledge and acknowledge the client firm will rely on this information.
Public information about your firm only; do not include client data.
Not legal advice.