Request Documents and Questionnaires from Vendors
Learn how to request documents and security questionnaires from vendors in Sprinto, including uploading custom questionnaires and managing submissions.
Sprinto enables you to request documents and security questionnaires from vendors as part of your vendor risk management and compliance workflows.
Using this feature, you can:
Collect compliance documents (ISO, SOC, GDPR, PCI, etc.)
Send standard or custom security questionnaires
Configure vendor communication and internal notifications
Track submissions and responses
Lock submitted evidence for audit purposes
Key Behaviours and Limits
Maximum 5 files per document request item
Custom questionnaire upload limit: 500 MB
Vendors can delete uploaded files before submission only
Submission is final and irreversible
Submitted responses become read-only
OTP-based secure vendor access
Use Cases
Compliance collection
Request ISO, SOC, GDPR, and PCI documents
Vendor risk assessment
Send standardised security questionnaires
Custom evaluations
Upload organisation-specific questionnaires
Audit readiness
Capture locked evidence for audits
Exception handling
Allow vendors to justify missing documents
How it Works
Step 1: Access the Vendor
Log in to the Sprinto dashboard.
Go to Data Library.
Select Vendors.
Open the All vendors tab.
Click on the required vendor.

Step 2: Create a Document Request
Navigate to Documents & links.
Click Request docs from vendor.

This opens the request panel where you configure documents, questionnaires, and communication settings.

Step 3: Configure the Request
Select Documents and Questionnaires
Choose the documents you want the vendor to upload (for example, ISO 27001 Report, GDPR DPA, PCI DSS Report).
Add security questionnaires:
Pre-built templates (SOC, ISO, PCI aligned)
Custom questionnaire (upload your own file)
For each item:
Mark it as Required or Optional.

Add a Custom Security Questionnaire
To upload your own questionnaire:
Scroll to Custom questionnaire.
Select it.
Upload your file using:
Drag and drop, or
Click to upload
Supported file types: CSV, DOC, DOCX, XLS, XLSX, PDF, ZIP, MSG, JSON Maximum file size: 500 MB
After uploading:
Click View to preview the file.
Delete the file if needed.
Mark it as Required or Optional.

Configure Email and Notifications
Set up how the request is communicated.
Recipients
Add vendor email addresses who will receive the request link.
While requesting, notify
Add internal stakeholders to be notified when the request is sent.
During request submission, notify
Add recipients who should be notified when the vendor submits responses.
Include recipients in submission notification
Enable this to notify earlier recipients when the vendor submits.

Customise Email Content
You can edit the email sent to the vendor:
Subject – Define the email subject
Header – Add an optional header
Body – Provide context, instructions, and compliance requirements
Optional:
Enable Show list of selected documents in email to include requested items.

Step 4: Preview and Send Request
Click Preview & send request.
Review:
Selected documents and questionnaires
Email recipients and content
Click Send request.

What Happens Next
The vendor receives a secure email link.
They verify their identity using OTP.
They:
Upload requested documents (up to 5 files per item)
Answer questionnaires or upload responses
Mark documents as unavailable (with justification, if needed)
They submit the request.
Manage and Edit Requests
You can manage an existing request after it has been sent to vendors.
Go to Documents & links.
Open the Requests view.

Select the required request to open the Request details drawer.
From here, you can manage the request lifecycle.

Edit an Existing Request
You can modify a request after sending it.
Click Edit next to Documents requested.
Available actions include:
Add or remove requested documents
Add or remove security questionnaires
Upload or update a custom questionnaire
Change document/questionnaire requirement status
Update request configuration
Click Update request once you have made the required changes.

In the pop-up the opens, review the changes.
Click Confirm to update your request.

Important
Documents or questionnaires that have already been uploaded or answered by the vendor cannot be removed or recalled. These appear under Uploaded / answered (cannot be recalled).
Add More Vendor Email Addresses
You can include additional vendor recipients after a request has been created.
Open the request details drawer.
Under Request sent to, click Add email address.

Enter the additional vendor contact.
Click Edit if you wish to edit the email subject and message.

Click Preview and send request to preview your changes.
Review your changes and click Send invite.

The newly added recipient receives access to the same request.
Send Reminder Emails
You can manually remind vendors to complete pending requests.
Open the request details drawer.
Under Request sent to, click Remind all.

Sprinto sends reminder notifications to all recipients associated with the request.
Sent reminders are tracked under Reminders sent.
Recall a Request
You can recall an active request if it is no longer needed.
Open the request details drawer.
Scroll to Recall request.
Click Recall.

In the pop-up that opens, click Recall.
After recall:
Vendors lose access to the request.
No additional uploads or submissions are allowed.
The request status changes to Recalled.
Revoke Access for Individual Recipients
You can revoke access for specific vendor contacts without recalling the full request.
Open the request details drawer.
Under Request sent to, locate the recipient.
Click Revoke access.

Click Revoke to confirm the action.
Once revoked:
The recipient can no longer access the request
Other recipients retain access
Track Request Activity
The request details drawer also provides visibility into:
Requested documents and questionnaires
Submission status
Recipient list
Reminder history
Request ownership and timestamps
This helps monitor vendor engagement throughout the request lifecycle.
Post-Submission Behaviour
After the vendor submits:
Submitted items appear under Uploaded / answered (cannot be recalled)
These items:
Cannot be edited
Cannot be deleted
Are stored as audit evidence
Questionnaires change from Start answering to View responses
Last updated

