Vendor Risk Management Policy

A policy defines the rules for the game. A vendor risk management policy defines the rules for the vendor risk management game. The more people who need to know about your rules, the more important the policy becomes.
Vendor Risk Management Best Practices

Help your vendors practice the best security. You’re in a position to help organizations that wouldn’t naturally care about security put the basics in place to better protect themselves and you. VRM is a GREAT way to lead your suppliers to best practices while also protecting yourself in a more effective way. It costs you nothing and has (potentially) enormous benefits.
Benefits of Vendor Risk Management

Top 5 Benefits of a Vendor Risk Management Program

Many companies are daunted by the task of building a vendor risk management (VRM) program that gathers all vendors in one place, classifies them, assesses the risky ones and determines if that risk should be remediated or terminated. However, the benefits of an automated VRM program easily outweigh the risks of not doing vendor risk management.
Importance of Vendor Risk Management

The Importance of Vendor Risk Management

The importance of vendor risk management depends on how important it is to you to protect your information, so that an attacker doesn't gain access to it and a vendor doesn't lose it. With breaches on the rise, a high-quality third-party information security risk management system is crucial.
Purpose of Vendor Risk Management

The purpose of vendor risk management is to ensure that the use of third-party vendors does not introduce a negative impact, disrupt your business, or damage your reputation. It also puts you in a defensible position by showing you're practicing proper due care and due diligence regarding information security and vendor risk management.
How To Do Vendor Risk Management

Vendor Risk Management (VRM) isn’t hard, but we interact with organizations every day that have complicated, manual processes, or they’re doing nothing at all. That complexity typically comes from the lack of regulatory clarity around…
Healthcare Vendor Breach: Credit Card System Hacked

On September 29, 2018, Baylor Scott & White Medical Center – Frisco, a joint venture managed by United Surgical Partners International (USPI), discovered that more than 47,000 patient records may have been compromised when the hospital…
Phase 4 of VRM: Risk Treatment

The final step in the third-party vendor risk management process handles how we decide to treat the risks associated with third parties. The most objective method to handle risk in relation to third-party information security risk management…
Phase 3 of VRM: Assessment

As mentioned in Phase 2 - Classification, High and Medium impact third parties need to be assessed for residual risk. Residual risk is another term that isn’t common to all people, so we’ll define it. Residual risk is the amount of risk…