
BLOG 2 MINS | June 10, 2020
The Latest VRM Trend: A Community-Driven Approach to Vendor Risk Assessments

“There has to be a better way.”

If you’re conducting (or responding to) vendor risk assessments, odds are good that you’ve heard that phrase more than once. With hundreds or thousands of vendors, scaling the assessment process with spreadsheets and email becomes unmanageable.

In helping companies streamline their vendor risk management (VRM) programs, we’ve created a community that’s building a “better way” together. In this post, we’ll outline the benefits of that community (60,000+ participating vendors and growing): The Vendorpedia Cyber Risk Exchange.

What is a Cyber Risk Exchange?

An exchange is very similar to a marketplace. Vendors and the companies assessing them work together to facilitate the simple exchange of vendor risk assessments, as well as other security and privacy information.

How Does the Cyber Risk Exchange Community Work?

Vendors make pre-completed and validated assessments available (with permission) through the exchange. Once a vendor undergoes an assessment, they can share it with any other companies that want the same assessment. This ensures vendors responding to assessments never start from scratch, while making the process faster for those doing the assessing.

Why Should I Participate in the Cyber Risk Exchange Community?

1. Benefit from the Work of Others

Like any community, the whole is greater than its individual members. With a Cyber Risk Exchange, companies benefit from the assessment efforts of others. When an assessment is completed and validated, that information is made accessible through the exchange for others to request access to in the future.

2. Access to Dedicated Exchange Agents

Agents facilitate the assessment process between you and the vendor you are assessing. Instead of spending time managing the back and forth, exchange agents will provide that support on your behalf.

3. Use Existing Assessments to Answer Custom Questionnaires

If you’re a vendor, it’s likely that you’ve already completed a standards-based assessment, whether SIG, SIG Lite, ISO 27001, ISO 27701, NIST 800-53, or CSA CAIQ. But many companies choose to use custom assessments. Through an exchange, vendors can use answers from standards-based assessments to “autocomplete” custom assessments by mapping questions through natural language processing.

4. Bring the Right People Together in One Place

One of the biggest challenges of completing vendor risk assessments is actually identifying the right people to contact. Through an exchange, those responsible for sending and responding to assessments can meet in a single place.

5. Leverage Other Information Beyond Assessments

Sometimes, a detailed assessment isn’t necessary. There are cases when a SOC 2 report or evidence of a security/privacy certification is sufficient in place of an assessment. Through an exchange, vendors can share not only assessments but also information about their security and privacy programs.

Together, companies and the vendors they assess can collectively make the vendor risk assessment process better for all involved. Want to see how? Request a demo of the Vendorpedia Cyber Risk Exchange today.
