Template

Facility Quality Index Audit Checklist

by Julie Zhu, from the Community

Use this supplier due diligence and attestation checklist to evaluate third party vendors against key risk areas. Sections cover annual information security reviews and testing such as SOC 2, ISO 27001 and penetration tests, business impact assessments, business continuity and disaster recovery, IT service continuity, privacy and data protection, data residency locations, outsourcing disclosures, fraud and corruption, and modern slavery. Capture details, designate a privacy officer, and confirm compliance across the past 12 months.

With SafetyCulture you can

Digitize any process, procedure or policy

Eliminate mistakes made by paper-based processes

Create and share professional reports instantly

Confirm accountability and compliance with a digital log

With SafetyCulture you can

Digitize any process, procedure or policy

Eliminate mistakes made by paper-based processes

Create and share professional reports instantly

Confirm accountability and compliance with a digital log

About author

Community

This community page makes available free workplace checklists and templates created by other users within the SafetyCulture community. SafetyCulture has re-published this content and where possible, has credited the original author. SafetyCulture has not verified the accuracy, reliability or suitability of any community content. You agree that your use of any of this content is in accordance with SafetyCulture’s Terms and Conditions.

Template
Supplier Due Diligence Attestation
Use this supplier due diligence and attestation checklist to evaluate third party vendors against key risk areas. Sections cover annual information security reviews and testing such as SOC 2, ISO 27001 and penetration tests, business impact assessments, business continuity and disaster recovery, IT service continuity, privacy and data protection, data residency locations, outsourcing disclosures, fraud and corruption, and modern slavery. Capture details, designate a privacy officer, and confirm compliance across the past 12 months.
by Julie Zhu, from the Community
Downloads: 10+
Get
Template
Supplier Due Diligence Attestation Checklist
Use this supplier due diligence and attestation checklist to evaluate third party vendors on information security, privacy, business continuity and disaster recovery, outsourcing practices, fraud and corruption controls, and modern slavery risk. Capture annual evidence such as security frameworks, penetration testing or certifications, BCP testing, business impact assessments, disaster recovery results, and data protection policies. Confirm control reviews, incident reporting, legislative compliance, and designate accountable roles like privacy officer to ensure resilient and compliant supplier relationships.
by Julie Zhu, from the Community
Downloads: 10+
Get
Template
Annual Service Provider Review Checklist
Use this annual review checklist to evaluate third-party service providers across security and continuity criteria. Capture business details and services, review information security frameworks and external attestations such as SOC 2 or ISO 27001, confirm penetration testing results, and verify user access reviews. Request evidence of BCP and DR testing with scope, success criteria, and outcomes, and review the latest business impact assessment for critical processes and systems. Document findings and follow-up actions to maintain compliance and resilient vendor relationships.
by Julie Zhu, from the Community
Downloads: 10+
Get
Template
Suppliers Due Diligence - Claims
This supplier due diligence checklist focuses on insurance claims and regulatory compliance for Australian financial services. It helps assess documented claims processes aligned to the General Insurance Code of Practice, quality assurance, and fraud and anti-money laundering controls. It includes checks for vulnerable customer handling, complaints and IDR reporting to ASIC, and outsourcing governance. The template verifies AFS Licence status and obligations, conflicts of interest, and records management. It reviews information security frameworks, control testing, cyber incident notification to the Australian Cyber Security Centre, user access reviews, and segregation of duties. Business resilience sections cover BIA, BCP, IT service continuity, and disaster recovery. Additional sections address staff training and competence, incident management and AFCA notices, privacy governance and designated officer, and modern slavery risk management.
by Julie Zhu, from the Community
Downloads: 10+
Get

Supplier Due Diligence Attestation

by Julie Zhu, from the Community

10+

Get

Template

Supplier Due Diligence Attestation Checklist

Use this supplier due diligence and attestation checklist to evaluate third party vendors on information security, privacy, business continuity and disaster recovery, outsourcing practices, fraud and corruption controls, and modern slavery risk. Capture annual evidence such as security frameworks, penetration testing or certifications, BCP testing, business impact assessments, disaster recovery results, and data protection policies. Confirm control reviews, incident reporting, legislative compliance, and designate accountable roles like privacy officer to ensure resilient and compliant supplier relationships.

by Julie Zhu, from the Community

10+

Get

Template

Annual Service Provider Review Checklist

Use this annual review checklist to evaluate third-party service providers across security and continuity criteria. Capture business details and services, review information security frameworks and external attestations such as SOC 2 or ISO 27001, confirm penetration testing results, and verify user access reviews. Request evidence of BCP and DR testing with scope, success criteria, and outcomes, and review the latest business impact assessment for critical processes and systems. Document findings and follow-up actions to maintain compliance and resilient vendor relationships.

by Julie Zhu, from the Community

10+

Get

Template

Suppliers Due Diligence - Claims

This supplier due diligence checklist focuses on insurance claims and regulatory compliance for Australian financial services. It helps assess documented claims processes aligned to the General Insurance Code of Practice, quality assurance, and fraud and anti-money laundering controls. It includes checks for vulnerable customer handling, complaints and IDR reporting to ASIC, and outsourcing governance. The template verifies AFS Licence status and obligations, conflicts of interest, and records management. It reviews information security frameworks, control testing, cyber incident notification to the Australian Cyber Security Centre, user access reviews, and segregation of duties. Business resilience sections cover BIA, BCP, IT service continuity, and disaster recovery. Additional sections address staff training and competence, incident management and AFCA notices, privacy governance and designated officer, and modern slavery risk management.

by Julie Zhu, from the Community

10+

Get

Facility Quality Index Audit Checklist

About author

You might also like

Supplier Due Diligence Attestation

Supplier Due Diligence Attestation Checklist

Annual Service Provider Review Checklist

Suppliers Due Diligence - Claims

You might also like

Supplier Due Diligence Attestation

Supplier Due Diligence Attestation Checklist

Annual Service Provider Review Checklist

Suppliers Due Diligence - Claims