This free document is on 3rd party data security assurance (Courtesy UCF,  Information Security Office, VR Program). 

The document is made in a way such that vendors must answer the questions in a yes/no. Third Party/ Vendor Data Security Assurance Questionnaire (SAQ)Document covers questions from various sections – 

• Policies & Procedures
•  Disaster Recovery & Business Continuity
•  Physical Infrastructure Security
•  Data Security
• Identity & Access Management
• Incident Response
• Patch Management
• Network Infrastructure
• Application Security
• Remote Access & VPN
• Firewall
• Malware Controls