A Standard Document sample questionnaire that organizations may use to assess a vendor's privacy and data security policies, processes, and practices. Organizations may use this questionnaire to conduct pre-engagement due diligence or help with ongoing vendor compliance and oversight activities. Questions are based on privacy and data security controls from the National Institute of Standards and Technology (NIST) Cybersecurity Framework and NIST Privacy Framework. This Standard Document has integrated notes with important explanations and drafting tips. Counsel or others should use it with Practice Note, Managing Privacy and Data Security Risks in Vendor Relationships.