Assessing Your Vendor Risks: Internal vs. External

A DatumSec White Paper

Many organizations have well-defined processes to assess the security posture and business risk presented by their largest vendors. Unfortunately, those processes may not be sufficient to properly assess every vendor tier, where a good chunk of risk likely exists. More specifically, most tools and processes fall short when it comes to extending third-party vendor risk assessments to the smaller (tier 2 and tier 3) vendors, service providers, contractors, and consultants. Size-based filters and a simple outside-in approach aren’t sufficient.

 

Assessing & Mitigating Security Risks from Small & Mid-Sized Suppliers

A DatumSec White Paper

Every vendor represents a potential security risk to your organization. Whether it’s a small specialized law firm, a local value-added reseller delivering technology and providing services, a consultant dedicated to your industry, or an off-shore Web developer, it’s important to understand those risks—and make the best possible decisions before they touch your infrastructure, your systems, and your data.