Vendor Risk Management: Ten Frequently Asked Questions

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12
Next Vendor Risk Management: Ten Frequently Asked Questions-6 Next


What standards should I have my vendors meet? How do I know they're meeting them?

This is almost entirely dependent on the industry that you work in. If you're in the medical field, you'll want to ensure that your team is HIPAA compliant; if you're in the financial industry, you'll need to ensure that you're meeting OCC guidance, PCI compliance, etc.

To ensure that your vendors are meeting standards, your lawyers and IT department will work together to determine:

  • How sensitive the data is.
  • What standards your industry dictates your vendors must meet, and what company standards you'd like them to meet.
  • How to determine if they've met those standards.

All of this comes down to the issue of continuous monitoring. Until recently, it was nearly impossible to monitor vendors in real time from outside of their network. Unless a vendor actually let you come on-site and watch their network directly (unlikely), you'd never be able to know what was going on.

As cyber threats become more sophisticated and complex, businesses need not only to ensure they are secure, but that their vital partners, suppliers and vendors are protecting themselves as well. According to the 2015 Verizon DBIR, 70 percent of observed cyber attacks involved a secondary victim. To avoid being blindsided, organizations are beginning to monitor the security of their third parties to reduce the likelihood of a data breach.

Gartner estimates that around 10 percent of companies have formalized IT risk management programs, but that the figure will grow to 40 percent by 2018. If you're just beginning to implement a vendor risk management (VRM) program, BitSight Technologies has identified 10 frequently asked questions to help you get started.


Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

More Slideshows

Social14-190x128.jpg 10 Ways to Improve Your Social Media Security Policy and Posture

When phone calls, video conference information, pictures, chat logs, etc. are all stored in a central location via social media, a potential hacker has access to just about everything, quickly and easily. ...  More >>

Security120-290x195 5 DDoS Myths Debunked

Unearth the real story behind five commonly held myths about distributed denial-of-service attacks. ...  More >>

Security119-190x128 8 Tips for Ensuring Employee Security Compliance

IT security ultimately depends on making sure employees use the appropriate tools and comply with policies designed to protect them and their data/applications. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.