JAYEN GODSE, July 2020
Upstream compliance, cyberthreats, geographical location, financial assets, and reputation are five of the top vendor risks most organizations face. But different industries also face vendor risk challenges that are unique to their business sector.
JAYEN GODSE, July 2020
Contracting the right vendors, monitoring their performance, and managing associated risks—they all pose significant challenges that too many organizations are still ill-equipped to deal with.
RENEE ROBINSON, June 2020
Risk remediation is a crucial part of the vendor risk assessment cycle. If incorrectly executed, it will dilute and diminish the effort put into the assessment. A detailed and relevant questionnaire and a thoroughly executed assessment are a wonderful precursor to mitigation tracking.
VIRAT SHAKTIVARDHAN, May 2020
Recent events related to COVID-19 have had a huge impact on the way organizations operate and function. Along with posing many challenges, they have also opened up many possibilities and ideas for a new way of doing things.
JAYEN GODSE, May 2020
Risk assessment questionnaires play an important role in an organization’s vendor governance program. Questionnaire-based due diligence is essential to understanding how your third-party vendors manage cybersecurity risks as well as the investments they have made to mitigate exposure across people, processes, and technology.
JAYEN GODSE, April 2020
A successful vendor management program needs to invest heavily in managing risks associated with 3rd party vendors. Risk assessment consists of assessing inherent risk and residual risk. Inherent risk is the risk associated with a given engagement regardless of the controls that the vendor has implemented.
RAJITA NAIR, April 2020
Information Security (InfoSec) professionals realize that their infosec program is only as strong as the weakest link. 3P (Third Party) vendors with access to sensitive data are generally regarded as the weak link, hence the focus on securing the 3P.
JAYEN GODSE, March 2020
Organizations often fail to anticipate the risks associated with 3rd party vendors. The threats to which they have exposed their own data, and possibly their customers’ data, are on many occasions realized only after the breach has happened, when all they can do is damage control.
JAYEN GODSE, February 2020
The InfoSec risk assessment process seems easy and straightforward. Send questions, receive answers, review the answers, and send the report. Of course, each step is a mini process in itself. It starts with knowing the vendor, knowing the risk areas, asking the right risk questions to evaluate the risk, and sending corrective actions.
JAYEN GODSE, January 2020
An effective vendor risk assessment is the cornerstone of every successful third-party risk management program. While the essential elements of an assessment should, in theory, be easily determined, the ever-evolving IT security landscape and threats are making the process more complex.