Top 5 Benefits of a Vendor Risk Management Program

Many companies are daunted by the task of building a vendor risk management (VRM) program that gathers all vendors in one place, classifies them, assesses the risky ones and determines if that risk should be remediated or terminated. However, the benefits of an automated VRM program easily outweigh the risks of not doing vendor risk management.

The Importance of Vendor Risk Management

The importance of vendor risk management depends on how much you value protecting your information, so that an attacker doesn't gain access to it or a vendor doesn't lose it. With breaches on the rise, a high-quality third-party information security risk management system is crucial.

Purpose of Vendor Risk Management

The purpose of vendor risk management is to ensure that your use of third-party vendors does not introduce a negative impact, cause business disruption, or damage your reputation. It also puts you in a defensible position by showing you're practicing proper due care and due diligence regarding information security and vendor risk management.

How To Do Vendor Risk Management

Vendor Risk Management (VRM) isn’t hard, but we interact with organizations every day that have complicated, manual processes, or they’re doing nothing at all. That complexity typically comes from the lack of regulatory clarity around…

Healthcare Vendor Breach: Credit Card System Hacked

On September 29, 2018, Baylor Scott & White Medical Center – Frisco, a joint venture managed by United Surgical Partners International (USPI), discovered that more than 47,000 patient records may have been compromised when the hospital…

Phase 4 of VRM: Risk Treatment

The final step in the third-party vendor risk management process handles how we decide to treat the risks associated with third parties. The most objective method to handle risk in relation to third-party information security risk management…

Phase 3 of VRM: Assessment

As mentioned in Phase 2 - Classification, High and Medium impact third parties need to be assessed for residual risk. Residual risk is another term that isn’t common to all people, so we’ll define it. Residual risk is the amount of risk…

Phase 2 of VRM: Classification

Now that you've completed your vendor inventory, it's time to classify your vendors according to the risk they pose to your organization. Third-party classification is about rating your third-party providers according to the amount of inherent…

Phase 1 of VRM: Inventory

In the simplest sense, a good vendor risk management program is made up of four phases: Inventory, Classification, Assessment and Treatment. These four phases make up a well-designed third-party information security risk management program. Phase…