- Vendor security risk management is a growing concern for many organizations. Whether they are suppliers or business partners, we often trust vendors with our most sensitive data and processes.
- More and more regulations require vendor security risk management, and regulator expectations in this area are growing.
- However, traditional approaches to vendor security assessments are seen by business partners and vendors as too onerous and are unsustainable for information security departments.
Our Advice
Critical Insight
- An efficient and effective assessment process can only be achieved when all stakeholders are participating.
- Security assessments are time-consuming for both you and your vendors. Maximize the returns on your effort with a risk-based approach.
- Effective vendor security risk management is an end-to-end process that includes assessment, risk mitigation, and periodic re-assessments.
Impact and Result
- Develop an end-to-end security risk management process that includes assessments, risk treatment through contracts and monitoring, and periodic re-assessments.
- Base your vendor assessments on the actual risks to your organization to ensure that your vendors are committed to the process and you have the internal resources to fully evaluate assessment results.
- Understand your stakeholder needs and goals to foster support for vendor security risk management efforts.
Member Testimonials
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.
- Overall Impact: 8.0/10
- Average $ Saved: $6,805
- Average Days Saved: 8

| Client | Experience | Impact | $ Saved | Days Saved | Comment |
|---|---|---|---|---|---|
| The Pittsburgh Water and Sewer Authority | Guided Implementation | 10/10 | N/A | 20 | Jon is very knowledgeable about Info-Tech tools and is able to provide helpful answers to all of our questions. For example, on the recent call he... |
| US Senate | Guided Implementation | 3/10 | N/A | 5 | Petar was a very knowledgeable SME. He shared valuable information, materials and gave solid advice for our initiative. Petar also provided us the op... |
| The University of North Carolina System Office | Guided Implementation | 7/10 | $2,603 | 4 | Access to ready templates. Worst part is the manual manner in which I will have to use the templates. |
| NIPPON GASES EURO-HOLDING, SLU | Guided Implementation | 8/10 | $5,919 | 4 | |
| Cidel Bank & Trust | Guided Implementation | 10/10 | $13,700 | 5 | No worse parts. Everything was well presented with Jon providing valuable insight on the importance of monitoring and managing vendor risk and h... |
| Westoba Credit Union Limited | Guided Implementation | 10/10 | $5,000 | 10 | It's really valuable to have this work ready to be used instead of building it myself. |