Do you properly evaluate vendor risk?
Understanding vendor risk is an extremely important part of your vendor management program. Each vendor that provides a product or service to you may carry some inherent risk that your organization takes on. Knowing the inherent risk for each of your vendors before you enter into a contract with them will provide insight into whether the vendor handles any critical business function, has access to sensitive customer data, or interacts with customers.
Risk assessments will not eliminate the risk associated with the vendor, but they can help minimize the impact on your business. Once the vendor’s risks have been identified, you can decide whether those risks can be eliminated by knowing what controls the vendor has in place. The vendor’s controls should be reviewed to make sure they are effective, and they should also be monitored.
A successful vendor risk assessment can assist with:
- Rating each vendor according to risk.
- Assessing each vendor relationship at the service or product level.
- Determining which vendors need to complete vendor surveys that show what controls they have in place for their risk.
- Determining the due diligence requirements and the frequency.
Even though risk assessments are a preventive step in the vendor management process, organizations should always perform periodic vendor risk assessments to ensure their vendors are keeping up with their quality standards and are not introducing risks to the company, its customers, and investors. https://strunkaccess.com/vendor-manager/