A common method in assessing risk about a third-party and their security practices is to ask them to respond to and complete a questionnaire. There are standard questionnaires available such as the Cloud Control Matrix (CCM) and the Standard Information Gathering (SIG) questionnaires. This P2P session will discuss methods to assess a third-party using questionnaires and security frameworks.