Vendor Request Email (Plain Human English)

Copy/paste the subject + email below into your message to the vendor. Replace the bracketed fields. This is designed to get useful answers even if the vendor contact is not technical.

Subject (copy/paste)
Quick request: how your service connects to our company (security + access + data location)
Email Body (copy/paste)
Hello [Vendor Name] team,

We use your service and we’re updating our vendor records so we know exactly:
1) where our data sits,
2) how people log in and exchange files/data, and
3) how quickly you tell us if something goes wrong.

This is not a long questionnaire. If you can reply to the four “Minimum Required” items today, that’s enough to get us moving.

MINIMUM REQUIRED (please reply with these 4 items)
1) Your security/trust page link (or any page where you publish security info): [URL]
2) If you confirm a security incident that could affect our data or our account, how quickly will you notify us?
   (example: “within 24 hours of confirmation”)
3) Where you post security updates / incident notices (status page, advisories page, mailing list): [URL]
4) Where our data is hosted (country/region is fine): [country/region]

HOW YOUR SERVICE CONNECTS TO US (this is the important part)
Please answer in plain words. Links or screenshots are fine.

A) Our account / portal
- What is the exact login/portal link we use? [URL]
- If we have an account ID / tenant ID / organization ID with you, what is it? [ID] (if unknown, say “unknown”)

B) What parts of your service we use
- Which products/features are enabled for our account?
  (Examples: “file transfer portal,” “shared links,” “admin console,” “integrations,” “API access,” “single sign-on.”)
- If you can, list the exact feature names as they appear in your product.

C) How files/data move between us
Which of these do we use with you? (Yes/No is fine)
- Upload/download through a website portal
- Shared links / external sharing
- Automated connection to another tool (integration)
- Scheduled reports/exports we download
- A separate file-transfer system or portal used by your team

If any answer is “Yes,” please describe what it’s used for and (if applicable) the link to the portal involved.

D) Vendor staff access
- Do any of your staff ever log in to our account or access our data to support us? (Yes/No)
- If Yes: how is that access controlled?
  (Examples: “only with customer approval,” “only for support tickets,” “logged,” “time-limited.”)

E) Other companies involved
- Do you use any other company/system to store or move our files/data for this service?
  If yes, what is the name of that system/company?

Thank you. Direct answers beat perfect answers. If it’s easier, you can point us to the right person/team and we’ll follow up.

Sincerely,
[Your Name]
[Company]
[Email]
[Phone optional]

P.S. Yes, this is tedious. So are incidents. We prefer tedious.

Tip: Ask vendors for links/screenshots if they can’t answer in writing. That still gives you the facts you need.

Scroll to Top

Protected by Security by CleanTalk