Skip to main content
Back to Help Center

Assessment Templates

Use pre-built frameworks or create custom security questionnaires

What are Templates?

Assessment templates are reusable questionnaires that define the security questions you ask vendors. Each template contains sections of questions with assigned weights and criticality levels that determine how responses affect the final risk score.

Ezy Risk comes with pre-built templates based on industry-standard security frameworks, and you can also create your own custom templates tailored to your organization's requirements.

Pre-Built Templates

ISO

ISO 27001 Security Assessment

Comprehensive information security management assessment based on ISO 27001 controls. Covers access control, cryptography, operations security, and more.

~80 questions8 sections
NIST

NIST Cybersecurity Framework

Assessment based on the NIST CSF core functions: Identify, Protect, Detect, Respond, and Recover. Ideal for U.S. government contractors and critical infrastructure vendors.

~60 questions5 sections
SOC

SOC 2 Readiness Check

Evaluates vendor readiness against SOC 2 trust service criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy.

~50 questions5 sections
GDPR

GDPR Compliance Review

Data protection assessment for vendors processing EU personal data. Covers lawful basis, data subject rights, cross-border transfers, and breach notification.

~45 questions6 sections
QDD

Quick Due Diligence

Streamlined 30-question assessment for rapid vendor evaluation. Covers essential security controls without the depth of full framework assessments. Perfect for initial screening.

30 questions4 sections

Creating Custom Templates

To create a custom template that matches your organization's specific requirements:

  1. 1

    Navigate to Templates

    Go to Settings → Templates in your dashboard

  2. 2

    Click "Create Template"

    Start from scratch or clone an existing template

  3. 3

    Add Sections

    Organize questions into logical sections (e.g., "Access Control", "Data Protection")

  4. 4

    Add Questions

    Create questions with response types: Yes/No, Multiple Choice, Text, or File Upload

  5. 5

    Configure Scoring

    Set question weights, criticality levels, and auto-fail triggers

  6. 6

    Save and Publish

    Your template is now available when creating new assessments

Question Configuration Options

Question Types

  • Yes/No - Binary response
  • Multiple Choice - Select from options
  • Text - Free-form explanation
  • File Upload - Evidence attachment

Criticality Levels

  • Critical - Must-have controls (4x weight)
  • High - Important security (2x weight)
  • Medium - Standard controls (1x weight)
  • Low - Best practices (0.5x weight)

Auto-Fail Triggers

Mark critical questions as auto-fail. A "No" answer automatically elevates risk to High or Critical regardless of score.

Evidence Requirements

Require vendors to upload supporting evidence (policies, certifications) for full credit on specific questions.

Managing Templates

Editing Templates

You can edit templates at any time. Changes only affect new assessments - existing assessments continue using the version that was in effect when created.

Cloning Templates

Clone any template (including pre-built ones) to create a customized version. This is useful when you want to start with a framework but add organization-specific questions.

Archiving Templates

Templates with completed assessments cannot be deleted. Instead, archive them to hide from the template picker while preserving historical data.

Related Articles

Sending Assessments
Send questionnaires to vendors
Risk Scoring
How scores are calculated