Virtual Vendor Risk Management

Take the burden of vendor risk management off your team and offload it to us. Our Virtual Vendor Risk Management (vVRM) solutions are designed to help you every step of the way beginning with vendor inventory and classification through vendor assessment and treatment.

Our two vVRM solutions allow you to select the level of support you need: either alongside your current VRM team or by hiring our security experts to be your complete VRM team. Either way, vendor risk management is no longer a burden.

Virtual VRM Services

Both service levels include a Virtual Vendor Risk Manager with 5+ years of experience in security risk assessment and program support:

Virtual VRM Support

Designed for organizations that have staff available to handle the day-to-day functions of VRM but still need a more experienced person managing and ensuring the program stays on task.

vVRM Support includes:
  • Complete vendor risk management policy and procedure customization
  • Vendor discovery process coaching
  • Internal review of scope for additional VRM modules
  • Review of internal classifications
  • Review up to 5 medium- or high-risk vendor questionnaires
  • Up to 5 certification mapping exercises per year for vendors who provide certifications (SSAE18, ISO, HITRUST, etc.) in
    lieu of medium- or high-risk self-questionnaires
  • Monthly status meeting to review risk acceptance and risk agreements

Virtual VRM Managed Solution

Designed for organizations that have neither the time nor the staff to manage their VRM program. Allows your company to offload the management of your entire VRM program to us.

vVRM Managed Solution includes:
  • Complete vendor risk management policy and procedure customization
  • Vendor discovery process creation and implementation
  • Internal review of scope for additional VRM modules
  • Up to 10 certification mapping exercises per year for vendors who provide certifications (SSAE18, ISO, HITRUST, etc.) in lieu of medium- or high-risk self-questionnaires
  • In-depth review of vendor classifications, vendor questionnaires, and risk agreement remediation reviews
  • Monthly status meeting to review all VRM activity
  • Quarterly status report with executive management to review high-level VRM activity