Due diligence questionnaire (DDQ)
Definition
A structured questionnaire sent to a prospective vendor before onboarding, asking the vendor to describe its security controls, certifications, incident history, subprocessor relationships, and data handling practices. The DDQ is the primary pre-contract risk assessment instrument in most TPRM programmes.
Related terms
- Offboarding controls
- The set of actions taken when a vendor relationship ends: revoking access credentials, recovering or destroying shared data, terminating network connectivity, and...
- Right-to-audit clause
- A contractual provision that gives the organisation the right to audit or assess the vendor's security controls, either directly or through a...
- Subprocessor
- A third party engaged by a vendor (the processor) to perform part of the service that involves the organisation's data. Under GDPR...
- Third-party risk
- The information security, operational, legal, or reputational risk introduced to an organisation by its relationships with external parties including vendors, suppliers, cloud...
- Vendor tiering
- The classification of vendors into risk tiers, typically Tier 1 (critical), Tier 2 (significant), and Tier 3 (low), based on factors such...
Explained in
- Third-Party Risk Management Programme