Vendor Risk ManagementYou share information with vendors. Do you ever wonder how well they protect it?
FRSecure is a full service information security consulting and management company. If you need anything security related, from assessments to social engineering to security training to policy development etc., give our team of experts a call and find out how to get our experience working for you.
What is Vendor Risk Management
Vendor Risk Management (VRM) is an organized approach to managing the risk your vendors pose to you. If you’re like most organizations, you share information with vendors. Some of those vendors (legal, printing, outsourced IT, outsourced payroll or benefits, collections, etc.) pose a higher risk to you than others.
VRM takes all your vendors into account and gathers from them the right information to tell you how risky they are to do business with.
Why does VRM matter to me?
Your clients or customers entrust you with information that you are responsible to protect appropriately. When you share that information with vendors you extend that responsibility to them, but the responsibility doesn’t transfer. Should one of your vendors lose information you shared with them, it will be as though you lost it yourself.
What's included in Vendor Risk Management
VRM is a fairly straightforward process, but takes work:
- Identify and classify vendors
- Define requirements for the different classification of vendors
- Define security policy and processes to ensure consistency of the VRM program
- Communicate requirements to the vendors
- Manage collection of responses
- Consolidate responses and feed the information back into your internal vendor management process
How much does VRM cost?
The cost of VRM programs depend upon a number of factors:
- Number of vendors
- Required information we need from them
- Internal policy and process documentation needs
- Managing the communication to the vendors (we can do or you can do)
- Consolidating the results into a format appropriate to your vendor management program
All you need to do is spend a few minutes on the phone with our team to make sure we are delivering exactly what you need and want.