Request Documents and Questionnaires from Vendors

Sprinto enables you to request documents and security questionnaires from vendors as part of your vendor risk management and compliance workflows.

Using this feature, you can:

• Collect compliance documents (ISO, SOC, GDPR, PCI, etc.)

• Send standard or custom security questionnaires

• Configure vendor communication and internal notifications

• Track submissions and responses

• Lock submitted evidence for audit purposes

Key Behaviours and Limits

• Maximum 5 files per document request item

• Custom questionnaire upload limit: 500 MB

• Vendors can delete uploaded files before submission only

• Submission is final and irreversible

• Submitted responses become read-only

• OTP-based secure vendor access

Use Cases

How it Works

Step 1: Access the Vendor

1. Log in to the Sprinto dashboard.

2. Go to Data Library.

3. Select Vendors.

4. Open the All vendors tab.

5. Click on the required vendor.

Step 2: Create a Document Request

1. Navigate to Documents & links.

2. Click Request docs from vendor.

This opens the request panel where you configure documents, questionnaires, and communication settings.

Step 3: Configure the Request

Select Documents and Questionnaires

• Choose the documents you want the vendor to upload (for example, ISO 27001 Report, GDPR DPA, PCI DSS Report).

• Add security questionnaires:

  • Pre-built templates (SOC, ISO, PCI aligned)

  • Custom questionnaire (upload your own file)

For each item:

• Mark it as Required or Optional.

Add a Custom Security Questionnaire

To upload your own questionnaire:

1. Scroll to Custom questionnaire.

2. Select it.

3. Upload your file using:

   • Drag and drop, or

   • Click to upload

Supported file types: CSV, DOC, DOCX, XLS, XLSX, PDF, ZIP, MSG, JSON Maximum file size: 500 MB

After uploading:

• Click View to preview the file.

• Delete the file if needed.

• Mark it as Required or Optional.

Configure Email and Notifications

Set up how the request is communicated.

Recipients

• Add vendor email addresses who will receive the request link.

While requesting, notify

• Add internal stakeholders to be notified when the request is sent.

During request submission, notify

• Add recipients who should be notified when the vendor submits responses.

Include recipients in submission notification

• Enable this to notify earlier recipients when the vendor submits.

Customise Email Content

You can edit the email sent to the vendor:

• Subject – Define the email subject

• Header – Add an optional header

• Body – Provide context, instructions, and compliance requirements

Optional:

• Enable Show list of selected documents in email to include requested items.

Step 4: Preview and Send Request

1. Click Preview & send request.

2. Review:

   • Selected documents and questionnaires

   • Email recipients and content

3. Click Send request.

What Happens Next

• The vendor receives a secure email link.

• They verify their identity using OTP.

• They:

  • Upload requested documents (up to 5 files per item)

  • Answer questionnaires or upload responses

  • Mark documents as unavailable (with justification, if needed)

• They submit the request.

Manage and Edit Requests

You can manage an existing request after it has been sent to vendors.

1. Go to Documents & links.

2. Open the Requests view.

1. Select the required request to open the Request details drawer.

From here, you can manage the request lifecycle.

Edit an Existing Request

You can modify a request after sending it.

1. Click Edit next to Documents requested.

2. Available actions include:

   • Add or remove requested documents

   • Add or remove security questionnaires

   • Upload or update a custom questionnaire

   • Change document/questionnaire requirement status

   • Update request configuration

3. Click Update request once you have made the required changes.

1. In the pop-up the opens, review the changes.

2. Click Confirm to update your request.

Add More Vendor Email Addresses

You can include additional vendor recipients after a request has been created.

1. Open the request details drawer.

2. Under Request sent to, click Add email address.

1. Enter the additional vendor contact.

2. Click Edit if you wish to edit the email subject and message.

1. Click Preview and send request to preview your changes.

2. Review your changes and click Send invite.

The newly added recipient receives access to the same request.

Send Reminder Emails

You can manually remind vendors to complete pending requests.

1. Open the request details drawer.

2. Under Request sent to, click Remind all.

1. Sprinto sends reminder notifications to all recipients associated with the request.

2. Sent reminders are tracked under Reminders sent.

Recall a Request

You can recall an active request if it is no longer needed.

1. Open the request details drawer.

2. Scroll to Recall request.

3. Click Recall.

1. In the pop-up that opens, click Recall.

After recall:

• Vendors lose access to the request.

• No additional uploads or submissions are allowed.

• The request status changes to Recalled.

Revoke Access for Individual Recipients

You can revoke access for specific vendor contacts without recalling the full request.

1. Open the request details drawer.

2. Under Request sent to, locate the recipient.

3. Click Revoke access.

1. Click Revoke to confirm the action.

Once revoked:

• The recipient can no longer access the request

• Other recipients retain access

Track Request Activity

The request details drawer also provides visibility into:

• Requested documents and questionnaires

• Submission status

• Recipient list

• Reminder history

• Request ownership and timestamps

This helps monitor vendor engagement throughout the request lifecycle.

Post-Submission Behaviour

After the vendor submits:

• Submitted items appear under Uploaded / answered (cannot be recalled)

• These items:

  • Cannot be edited

  • Cannot be deleted

  • Are stored as audit evidence

• Questionnaires change from Start answering to View responses