Skip to main content

Tips before you start: how to prepare for the assessment

Get practical advice on how to prepare for your CyberVadis assessment before you begin, so you can complete it efficiently and achieve the most representative score possible.

Written by Ana Nikolaeva

Not sure what to expect? Watch our short video walkthrough of the full assessment process before you begin: ▶ Watch: How Does the CyberVadis Assessment Work? | 5 Simple Steps

Taking a little time to prepare before you begin the questionnaire will help you complete it more efficiently and achieve a score that accurately reflects your company's security posture. Here are the most important things to do before you start.

1. Gather your supporting evidence

Every answer in the questionnaire requires supporting evidence: documents, policies, screenshots, or other files that prove your declared security practices are in place. Without evidence, our analysts cannot credit your answers, no matter how accurate they are.

Before you start, identify which documents you are likely to need. Common examples include:

  • Information security policies

  • Risk assessment reports

  • Access control procedures

  • Incident response plans

  • Employee training records

  • Audit reports or compliance certificates

If your documents are not in English or French, please provide them in an editable format (such as MS Word) so our team can translate them if needed. Documents in English or French can be uploaded in any format.

For a full explanation of what evidence is required and how to upload it, see [Why evidence matters and what types are accepted].

2. Know your deadline and plan around it

Your questionnaire must be submitted within 20 days of receiving access, or by a specific deadline agreed with your client. Your deadline is displayed on your questionnaire summary page when you log in to the platform.

If you have all your documentation ready, expect to spend two to three days completing the questionnaire. Plan your timeline accordingly and involve the right colleagues early, do not leave it to the last few days.

If you need more time, request an extension before your deadline passes by contacting account.management@cybervadis.com.

3. Involve the right colleagues from the start

The questionnaire covers technical and organisational security practices across your entire company. One person is unlikely to have all the answers. We recommend involving colleagues from:

  • IT and infrastructure teams

  • Information Security or the CISO function

  • Data Protection or the DPO

  • Legal or compliance

Your company's CyberVadis Admin user can add colleagues to the platform at any time. See [How to invite colleagues to work on the questionnaire] for instructions.

If you hold a valid ISO 27001 certificate

Your assessment process includes an additional certificate upload step before the full questionnaire. See [I already hold ISO 27001 certification - what changes for me?] before you begin.

A few things to know before you start

  • The questionnaire autosaves as you work, you do not need to manually save your progress!

  • You can answer questions in any order and return to previous sections at any time

  • No software installation is required, the platform is fully web-based and accessible from any device with a stable internet connection

Related Articles
What is CyberVadis and why has my client asked me to participate?
What does the assessment process look like?
Glossary: key terms used in the CyberVadis assessment
Can I export or print the questionnaire to work offline?
Why evidence matters and what types are accepted
Did this answer your question?