60% of security incidents arise from vendors and third parties. For this reason, Due Diligence Questionnaires (DDQs) are a common practice to mitigate risks when partnering with outside companies. As a result, your company likely gets at least a few, and potentially dozens, of DDQs every month.
You’ve seen them before. They’re often lengthy and complicated documents. DDQs take away from critical client work and relationship building that your sales team could be doing.
But they are still a necessity. And no, you can’t just decline to respond (that would look suspicious).
Fortunately, they don’t have to be the time-consuming mess they often become. Let’s take a look at different types of DDQ examples and how you can streamline their completion.
Key Takeaways
- DDQs are a pain – they eat up time and energy your team could be spending on more important stuff.
- Automating your DDQ process means you can stop chasing down info across departments.
- Keeping all your answers and knowledge in a DDQ automation tool makes everything faster and more consistent.
What is a Due Diligence Questionnaire (DDQ)?
When a business wants to partner or work with another business, one or both of those companies often send the other a DDQ.
A DDQ, or a due diligence questionnaire, is just what it sounds like. It is the company asking its potential partner to provide due diligence in terms of risk, security compliance, or capabilities.
An example would be our company, 1up, offering our services to a business in need of AI knowledge management. We would need to complete a DDQ for that business to prove that we offer the highest levels of security and privacy for their data. After all, how else can they trust our technology to unify their company’s knowledge in a single platform?
Obviously, they’re going to want to make sure we can protect that data.
These DDQs are often highly technical, super long, and tediously repetitive. They’re often filled with hundreds of policy-heavy questions.
Again, it’s necessary. But it’s not fun. And it’s certainly not easy.
But it is the price of doing business and doing it well.
DDQ Examples (with Screenshots)
These DDQs come in different formats — PDFs, Word Docs, Excel sheets, or web portals housed within the asking company’s website.
Let’s take a look at some examples:
Excel-Based DDQs
Excel-based DDQs are spreadsheets that have hundreds of questions, scoring columns, and dropdowns. These are possibly the most complex among all DDQs. Of course, you might see Financial and InfoSec questionnaires in Excel format.
An example of a question you might find on an Excel-based DDQ is: “Do you use MFA for all employee logins? Yes/No – Explain.”
Here’s what an Excel-based DDQ might look like:

Docx Questionnaires
Docx questionnaires will need to be completed from within Google Docs or MS Word. These typically contain tables and detailed response fields. Sometimes there are checkboxes, dropdowns, or other fancy fields.
An example of a question you might get on a Docx questionnaire would be, “List your business continuity plans in the event of a data center failure.”
Here’s an example of a Docx questionnaire format:

Financial DDQ
These types of DDQs tap into the financial side of companies to make sure everything seems sound for the company’s overall health.
These DDQs often include questions about the company structure, revenues, audits, and ownership.
Many times, your financial DDQs will come in PDFs, which are not interactive. In this case, you’ll need to create a new document that answers the questions.
A DDQ from a financial institution might include a question like, “Please provide your most recent audited financial statements.”
Financial DDQ questions might look like this:

InfoSec Questionnaires
The fan favorite. Every IT team’s dream is to stop their work and spend 2 days filling out one of these questionnaires.
InfoSec questionnaires are a top priority for companies that value their security, like financial institutions, and will require hundreds of answers to complex questions.
These questionnaires often ask security questions based on frameworks like SOC 2 and ISO 27001.
An example of a question you might get on an InfoSec questionnaire would be: “Describe your vulnerability management process.”
Here’s a sample of an InfoSec questionnaire:

Why Do DDQs Take Forever to Complete?
So, why do these things take forever to complete? After all, you’ve got a crack team of sales engineers and subject matter experts (SMEs) on staff. What’s the big deal?
The big deal is that these hundreds of questions often require cross-departmental expertise. That means looping in teammates from multiple teams to complete one response. Plus, your highest-level experts are usually tied up doing mission-critical work. This all means you need to distract multiple members from different teams to explain company policies, product requirements, and internal compliance controls.
The answers to all of those questions are housed behind silos that typically don’t engage with each other. One infosec questionnaire might involve teammates from:
- Legal
- IT
- Finance
- HR
- Sales
Sometimes, the questionnaire ends up going back and forth across teams because repetitive questions pop up across different clients and formats.
So, you try to solve this problem by copying and pasting responses. Great, right?
Wrong.
You still need to rephrase answers to align with the new questions, maintain formatting, update responses based on recent changes, and review them for accuracy. Copy/pasting doesn’t work here. You end up wasting even more time.
How Teams Automate DDQs
With tools like 1up, teams are automating fast and accurate responses to even the most complex questionnaires.
1up creates a centralized knowledge base using your trusted company files, including previously completed questionnaires. When a new DDQ comes in, 1up uses that knowledge to generate hundreds of answers in minutes.
The process looks like this:
Every day, companies like Gladly, WalkMe (SAP), and FusionAuth have their DDQs automated by 1up.
1up works across all formats. You can upload your PDFs or Excel sheets, or you can add the browser extension to complete your DDQs right in a web portal.
Even better, it gets easier every time you use 1up. Once your team reviews our completed DDQ, you can upvote and downvote answers, so 1up gets more familiar with your preferred answer format and style.
A single completed DDQ can be reused everywhere, and you’ll dramatically reduce SME interruptions.
1up will help you cut hours off the DDQ process, especially for InfoSec and finance teams.
Ready to learn more? Book a demo today.