Vendor risk questionnaire: privacy and security controls

Create a vendor privacy & security questionnaire for {vendor_type}.

Inputs:
- Data shared with vendor: {data_shared}
- Criticality and access level: {criticality}
- Compliance requirements (GDPR/CCPA/ISO/SOC): {requirements}
- Contracting constraints: {contract_constraints}

Output:
1) Questionnaire sections: data processing, security controls, sub-processors, breach response, retention, audits.
2) Scoring rubric and minimum requirements.
3) Red-flag criteria requiring escalation.
4) Remediation tracker template.

Keep questions specific and evidence-oriented.