dcsimg

Vendor Risk Management: Ten Frequently Asked Questions

  • Vendor Risk Management: Ten Frequently Asked Questions-

    Contacts

    Who should my main contact be with my vendor?

    You should expect to have one individual at your vendor's company who is in charge of managing the risk to your organization's data. This person should be your point of contact if there is ever a problem and should be able to easily obtain relevant and important information at any point. He or she could be a lawyer, an IT security person, the chief information officer, or any number of people depending on how the company has decided to organize itself. You should be able to rely on this person to get all of the appropriate people together should a problem ever occur. This person should have specific insights into IT operations, security components, and elements of your contract.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12

Vendor Risk Management: Ten Frequently Asked Questions

  • 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12
  • Vendor Risk Management: Ten Frequently Asked Questions-8

    Contacts

    Who should my main contact be with my vendor?

    You should expect to have one individual at your vendor's company who is in charge of managing the risk to your organization's data. This person should be your point of contact if there is ever a problem and should be able to easily obtain relevant and important information at any point. He or she could be a lawyer, an IT security person, the chief information officer, or any number of people depending on how the company has decided to organize itself. You should be able to rely on this person to get all of the appropriate people together should a problem ever occur. This person should have specific insights into IT operations, security components, and elements of your contract.

As cyber threats become more sophisticated and complex, businesses need not only to ensure they are secure, but that their vital partners, suppliers and vendors are protecting themselves as well. According to the 2015 Verizon DBIR, 70 percent of observed cyber attacks involved a secondary victim. To avoid being blindsided, organizations are beginning to monitor the security of their third parties to reduce the likelihood of a data breach.

Gartner estimates that around 10 percent of companies have formalized IT risk management programs, but that the figure will grow to 40 percent by 2018. If you're just beginning to implement a vendor risk management (VRM) program, BitSight Technologies has identified 10 frequently asked questions to help you get started.