Vendor management concerns all of the vendors, partners, or subcontractors your organization relies upon in order to operate. With the rise of remote working, your staff is probably leveraging a variety of digital tools to ease collaboration and communication. Your security posture is only as good as the security used by the vendors you partner with for services such as video conferencing, cloud hosting, document sharing, and data storage.
Vendor management is important because it is essential to ensuring your data is secure when it is in transit or at rest within the boundaries of your vendors’ products or services. It will also help you control costs, reduce potential risks, and ensure good service to your customers.
SPIO offers a list of assessments for commonly used vendors (Apple, Microsoft, Google, Amazon Web Services, etc.) to help you make sure that they themselves treat security as seriously as you do. For vendors outside of this list, SPIO offers vendor tracking templates and security risk assessment questionnaires to help you identify how compliant they are with best cybersecurity practices and whether you might need additional rules for data protection when using their services. SPIO will also identify which security controls you can inherit from your partners, such as when you use a cloud based hosting service like AWS or Azure.