City Vendor Security Questionnaire - San Antonio

Technology and Data Texas 3 Minutes Read ยท published February 05, 2026 Flag of Texas

San Antonio, Texas vendors and contractors must often complete a vendor security questionnaire as part of procurement and IT onboarding to protect city data and systems. This guide explains when the questionnaire is required, the typical information requested, how the City of San Antonio administers reviews, and where vendors submit documents. It summarizes enforcement, appeals, and practical steps to comply with city procurement and information-security requirements.

When the Vendor Security Questionnaire Applies

Vendors providing cloud services, hosted systems, data processing, or applications that access city data typically must complete a security questionnaire before contract award or access approval. The Purchasing and Information Technology departments oversee questionnaire requirements and reviews; see official department guidance for procurement and IT security policies Purchasing Department[1] and Information Technology[2].

Complete the questionnaire early to avoid award delays.

Typical Contents of a Vendor Security Questionnaire

  • Data classification and types of city data accessed.
  • Security controls: encryption, access controls, logging, and incident response.
  • Policies on subcontractors and transfer of data.
  • Retention, deletion, and records management practices.
  • Insurance and liability or indemnity statements.

Penalties & Enforcement

The city enforces vendor security requirements through contract terms, procurement remedies, and access suspension. Specific monetary fines tied solely to a vendor security questionnaire are not specified on the cited pages; enforcement typically arises from contract breach or noncompliance with procurement rules. See the Purchasing Department and Information Technology pages for controlling procedures and contacts Purchasing Department[1] and Information Technology[2].

  • Fine amounts: not specified on the cited page.
  • Escalation: first, repeat, or continuing offence procedures are not specified on the cited pages and are typically handled via contract remedies.
  • Non-monetary sanctions: access suspension, contract termination, corrective action plans, or referral to legal action.
  • Enforcer: City of San Antonio Purchasing and Information Technology departments handle compliance and investigations.
  • Appeals/review: formal protest and contract dispute procedures are available through Purchasing; specific time limits are not specified on the cited pages.
If you discover a security incident, notify the city immediately using official contacts.

Applications & Forms

The city may use vendor registration, procurement forms, and a vendor security questionnaire or attestation. Specific form names or form numbers for the questionnaire are not published on the cited department pages; vendors should check the Purchasing and IT pages and contact procurement officials for the current questionnaire or attachments to the solicitation Purchasing Department[1].

How Vendors Should Prepare

  • Gather documentation: policies, SOC reports, encryption details, and subcontractor lists.
  • Assign a security point of contact and provide direct contact details in the questionnaire.
  • Submit completed questionnaires and supporting documents with your solicitation response or as instructed in the purchasing portal.
  • Be prepared to negotiate acceptable security controls or propose compensating controls if city requirements exceed standard practices.
Maintain evidence of submissions and correspondence to avoid disputes.

FAQ

Who must complete the vendor security questionnaire?
Vendors that will store, process, or access city data or run services integrated with city systems usually must complete the questionnaire.
Where do I submit the completed questionnaire?
Submission instructions are provided in the solicitation or by the Purchasing or IT contact for the procurement; check the Purchasing and Information Technology pages for current procedures Purchasing Department[1].
What happens if I fail to complete the questionnaire?
Failure to comply may delay award, suspend access to systems, or result in contract remedies; specific penalties are not specified on the cited pages.

How-To

  1. Review the solicitation or vendor onboarding instructions for a required security questionnaire.
  2. Assemble required documents: security policies, encryption details, SOC or audit reports, and subcontractor lists.
  3. Complete the questionnaire accurately and attach requested evidence.
  4. Submit via the procurement portal or to the purchasing contact before the solicitation deadline.
  5. If the city requests clarifications, respond promptly and document all communications.

Key Takeaways

  • Start the questionnaire process early to avoid award delays.
  • Contact Purchasing or IT for forms, submission instructions, and questions.

Help and Support / Resources

  1. [1] City of San Antonio - Purchasing Department
  2. [2] City of San Antonio - Information Technology

Categories

General Governance and Administration Public Safety Public Health and Welfare Land Use and Zoning Housing and Building Standards Transportation Environmental Protection Parks and Public Spaces Business and Consumer Protection Taxation and Finance Labor and Employment Education Civil Rights and Equity Elections and Campaign Finance Events and Special Uses Signs and Advertising Utilities and Infrastructure Technology and Data