• Vendor Risk Assessment Best Practice #3 – Maintain a Comprehensive List

    For 2020, we decided to get serious about organizing our vendor list

    The first and most fundamental mistake most organizations make in managing vendor risk is not maintaining a comprehensive list of active vendors. This may strike you as so obvious that it seems silly to note at all, much less cite as mistake number one. However, you will be surprised to learn that “nearly two-thirds of IT security professionals surveyed stated that their organizations do not maintain a comprehensive list of third-party vendors and dependencies.”


  • Vendor Risk Assessment Best Practice #2 – Assess Early

    Hay, that new vendor from Houston is here. I think he's stealing our signs

    Vendor risk evaluation is an expensive afterthought. 73% of organizations have no direct communication channel between the security program and management responsible for contracts and procurement. Security, whether intentional or not, is effectively an afterthought. This results in a huge business process gap — and a fundamental mistake — that is very common.


  • Vendor Risk Assessment Best Practice #1 – Periodically Reassess

    Reevaluate Vendors

    Evaluating vendor products and services on a schedule is a difficult yet imperative practice to implement. You need the right vendor evaluation tool.