ABCDEFGHIJKLMNOPQRSTUVWXYZ
1
 Vendor Preliminary Screening Questionnaire
2
SnoQuestionsResponder GuidelinesResponseDescription
3
1Details of the personnel filling the formName, Title and Date of the filling in the detailsEnter details here
4
2Name of the exact product, product link, or service link, along with the services offered by the product in scope.Add additional description about the product/service in comments.Paste link here
5
3Will the Service Provider require connection to or integration with any of PG' networks, applications, or services?If response is Yes, please explain in in comments
6
4Will the Service Provider collect, store, process, or transmit—either digitally, physically, or both—PII information, including PG client data, employee data, proprietary information, or any other PII data?If response is Yes/NA, please specify all PII information involved. Ex. fname, lname, email, SSN, et al.
7
5If Personally Identifiable Information (PII) is collected, will the Service Provider store, process, or transmit the PII outside the borders of the United States?If response is Yes/NA, please specify the location(s) in comments.
8
6Does the Service Provider have headquarters or offices in, or use products or services from, any country with security practices known to be risky or weak? Such countries include those on the U.S. Treasury Department’s Office of Foreign Asset Control (OFAC) sanctioned nations list or those that regularly require increased screening and vigilance.If response is Yes/NA, explain in detail about the countries involved in comments.
9
7Does the Service Provider hold any valid and up-to-date industry-relevant third party attestations? For example: SOC2 Type2, ISO 27001:2022 certificate & Statement of Applicability (SOA), Cyber Essentials, 3P issued pentesting results within the last 12 months,  etc.If response is Yes, include all relevant attachments. If No, specify if there are future plans in comments. If this is a SaaS product, pentest results are mandatory. 
10
8Do you carry cyber insurance?If response is No, explain why and how compensations are managed.
11
9When was the cyber insurance last renewed?Enter the date in mm-dd-yyyy format
12
10Has there been an unplanned disruption within the last year?If response is Yes, explain the disruption details and countermeasures taken in comments.
13
11Has there been a data breach within the last 3 years?If response is Yes, explain breach details and countermeasures taken in comments.
14
12Will any components of the services provided be subcontracted or outsourced during the engagement?If response is Yes, explain the components of the services provided that will be subcontracted or outsourced during the engagement.
15
13Do you have controls in place to detect, prevent, and respond to attacks from cyber terrorists or hacktivists seeking to disrupt services, cause harm, or expose sensitive information?If response is Yes, explain the controls in place. If No, explain how such attacks are managed.
16
14Do you have controls in place to detect and prevent attacks from state-sponsored actors and organized cybercriminals attempting to steal or exfiltrate intellectual property, sensitive information, funds, or to extort through ransomware or data sales?If response is Yes, explain the controls in place. If No, explain how such attacks are managed.
17
15Do you have controls in place to detect and mitigate risks from insiders—whether malicious, coerced, or accidental—whose access or errors could cause extensive damage within your systems and networks?If response is Yes, explain the controls in place. If No, explain how such attacks are managed.
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100