November 14, 2018 | Tools & Templates | Vendor and Partner Management
This questionnaire is used during the due diligence phase of the third-party risk management process. It is developed based on the security and financial risks identified and quantified in the initial risk assessment, completed by vendors and then numerically scored by the third-party risk assessment team.
Many U.S. assumptions must be adjusted when assessing third parties overseas in areas like the EU, China, Russia or India. In this Ask-an-Expert written response, IANS Faculty Josh More explains the differences in terms of culture and expectations, and provides key questions to help assess overseas vendors appropriately.
Third-party/subcontractor breaches released four times the number of exposed records compared to 2017 -- 4.8 million vs. 935,000. Medical subcontractors exposed the most records (2.8 million) in 2018 and saw the biggest jump.
Many vendor management programs today struggle with lengthy reviews, rising costs and increasing levels of uncertainty. In this report, IANS Faculty Josh More introduces the concept of tagging, a more flexible vendor assessment process designed to streamline and improve critical vendor management tasks, from classifying vendors to developing appropriate questionnaires.