If your organization outsources to vendors, you are probably involved in a lot of due diligence. You may be looking at and verifying credit checks, getting background reports, monitoring legal standings and litigation, ensuring that third parties pay their bills and don’t employ criminals, and more.
But are you paying attention to the cyber security posture of your vendor? This is a new risk factor companies are beginning to worry about—and rightfully so.
In today’s business landscape, data is being shared with many vendors and housed in their networks, so it is incredibly important to take every precaution necessary to protect your data. Even if you have a strong standing relationship with your vendor, how do you really know that they’re protecting their own information appropriately, let alone handling yours with care? The steps laid out below will help you ensure that you’re mitigating vendor risk, from pre- to post-contract.
Ask yourself this question: “Are all of my vendors protecting our data appropriately, in accordance with the relationship we’ve established?” If you’re hesitant on answering “yes” for even a moment, you could have a vendor risk problem.
During your pre-contract phase, you’ll want to be sure a particular vendor is on the “up and up” before you sign a deal with them. This is typically done by determining:
If they have access to a large deal of data, or even a small amount of highly sensitive data, follow these steps:
Let’s assume you performed the three steps above and your vendor passed muster, so you signed a contract with them. Congratulations! But vendor risk management doesn’t stop after the contract is signed. During the post-contract diligence phase, you’ll want to continuously monitor your vendor’s security position by following these steps:
If you still don’t think these critical vendor risk management steps are important, you’re simply not taking necessary precautions to protect your company. Some may even say that not protecting yourself through these steps is negligent. Vendor risk management isn’t a ploy or a sales tactic—it’s an incredibly important part of the business landscape today, and virtually every large company in the world is doing it.
Once you follow the eight steps outlined above, you’re going to have greater protection if your vendor’s security is ever compromised. Take our word for it—following these critical (and simple) steps to reduce your vendor risk is a no-brainer.
We've drilled down into areas that vendor risk management programs leave a little vague.
Download the guide to see if you've considered these critical areas of vendor risk management.
What’s the biggest struggle your vendor risk managers face when establishing cyber security monitoring processes? From sudden increases in the use of third-parties by your organization, to not knowing which vendors might be impacted by the...
If you’re using a “one-size fits all” approach to managing your vendor lifecycle, you are missing opportunities to save money and operate more efficiently. Vendor management efficiencies don’t end in the onboarding stage: using a...
If you’re experiencing frustrating delays and procedural roadblocks during your vendor management process, you’re not alone. Security managers are seeing an increase in the number of third-parties integrating with their business, and ...
© 2021 BitSight Technologies. All Rights Reserved. | Privacy Policy | Security | For Suppliers
Contact Us | BitSight Technologies | 111 Huntington Ave, Suite 2010, Boston, MA 02199 | +1-617-245-0469