DatumSec Cyber Risk Management for SMB Vendors
As someone in charge of risk or security, you will need different approaches to ensuring a baseline of security across your vendors and business partners, depending on their size and/or risk classification.
DatumSec provides a cyber risk management solution uniquely focused on assessing your small and medium-sized vendors.
DatumSec Cyber Risk Management for SMB Vendors provides the framework for successful vendor engagement, including working directly with your SMB vendors, as needed, to ensure the process is understood and adhered to, while making the assessment results available to you through a cloud-based portal.
What You Receive
As your vendors complete and submit their assessments, you can review a list of your vendors to see where they are in the process. If they've completed the assessment and submitted their results, you can see their security postures based on scoring algorithms determined by questionnaire answers, results from internal security control scans, and overall company risk classification. You will also have access to a dashboard that summarizes information on all of your vendors graphically.
How the Vendor Assessments Work
On behalf of your organization, DatumSec will invite identified vendors to take part in a Vendor Assessment. The invitation will take your vendor to a customized portal where they will log in and begin their assessment process.
There will be four steps the vendor will take during the assessment:
1. Vendor provides information on their company and answers a brief security questionnaire to determine their security profile
2. Vendor installs and runs agent(s) to evaluate internal security controls; these controls have been developed by DatumSec from best practices for security controls from the Australian Signals Directorate, SANS 20, CIS and others
3. Vendor can evaluate results within the vendor portal, and determine if remediation is needed; if so, vendor has the opportunity to remediate and re-scan prior to submitting results to you
4. Vendor can review the finalized report, exactly as you will see it, and submit to you
If needed, DatumSec will also provide services to get your vendor risk management program started.
Prior to vendor engagement, DatumSec can work with your team to classify vendors and estimate their potential risk based on the vendor's business type and the business information or systems they have access to.
External Posture Evaluation
If your vendor classification is already complete, DatumSec can work with you to take an initial look at a vendor's external security posture, or immediately roll out an assessment program to your SMB vendors, leveraging existing or new right-to-audit language as necessary.