The 2025 edition of the AITEC-AIMA Illustrative Questionnaire for the Due Diligence of Vendor Technology and Cyber Security includes a number of key updates, including:

• A general refresh and reordering of the answer choices:
  • keeping them multiple choice to allow scoring and
  • making most of the lists alphabetical order to minimise any impression of preferred answers
• Reorganisation of questions and sections to better differentiate questions about the vendor and any relevant product or service, allowing better focus on:
  • customer access and access controls
  • customer data security
  • product/service vulnerability management
  • endpoint security
• Substantial revisions in areas such as:
  • security awareness and training
  • staff passwords
  • staff access controls
  • access management
  • sub-outsourcing
• New sections focussed on:
  • artificial intelligence
  • cloud computing
  • penetration testing
  • vulnerability assessments
• New process points:
  • threshold questions to allow users to skip sub-modules that are not relevant
  • additional options for presenting certain types of tabular information
  • ability to add questions in line with existing questions rather than at the end of a section
  • place for vendor to add more information about section topics beyond what is called for by the questions
  • option to provide free text overview of the vendor

For questions, contact Jennifer Wood ([email protected]).

• 

  Jennifer Wood

  Managing Director, Global Head of Asset Management Regulation & Sound Practices