Your security is only as strong as the suppliers who can reach your systems and data. These are the questions that reveal whether they are protecting you, or quietly putting you at risk.

What it is

A ready-made questionnaire you can send to your IT provider, software vendors, and any partner who handles your data or connects to your systems. It asks the right questions in clear language, covering their security practices, certifications, breach history, and what happens to your data if things go wrong.

How to use it effectively

1. Start with your most critical suppliers. Whoever holds your data or has access to your systems comes first. Your IT provider is usually top of the list.
2. Send it as a normal part of doing business. Good suppliers expect these questions and answer happily. Reluctance to answer is itself an answer.
3. Look for evidence, not reassurance. "Yes we are secure" means little. Certifications, named policies and clear processes mean a lot.
4. Follow up on the gaps. If a key supplier falls short, raise it. Their weakness becomes your breach. You are allowed to expect better.

Why it matters

Some of the biggest breaches in recent years came in through a supplier, not the target directly. Incoming UK regulation increasingly holds you responsible for the security of your supply chain. Asking these questions protects your business from someone else's mistake, and shows regulators and customers that you take it seriously.