Latest Trend: A Community-Driven Approach to Vendor Risk Assessments
“There has to be a better way.” If you are conducting (or responding to) vendor risk assessments, odds are good that you’ve heard that phrase more than once. With hundreds or thousands of vendors, scaling the assessment process using spreadsheets and email becomes unmanageable. In helping companies streamline their vendor risk management (VRM) programs, we’ve created a community that’s building a “better way” together. In this post, we’ll outline the benefits of that community (70,000+ participating vendors and growing): The Vendorpedia Third-Party Risk Exchange.
What is a Third-Party Risk Exchange?
An exchange is very similar to a marketplace. Vendors and the companies assessing them work together to facilitate the simple exchange of vendor risk assessments, as well as other security and privacy information.
How Does the Third-Party Risk Exchange Community Work?
Vendors make pre-completed and validated assessments available (with permission) through the exchange. Once a vendor undergoes an assessment, they can share it with any other companies that want the same assessment. This ensures vendors responding to assessments never start from scratch, while making the process faster for those doing the assessing.
Why Should I Participate in the Third-Party Risk Exchange Community?
1. Benefit from the Work of Others
Like any community, the sum is greater than the individual. With a Third-Party Risk Exchange, companies benefit from the assessment efforts of others. When an assessment is completed and validated, that information is made accessible through the exchange for others to request access to in the future.
2. Access to Dedicated Exchange Agents
Agents facilitate the assessment process between you and the vendor you are assessing. Instead of spending time managing the back and forth, exchange agents will provide that support on your behalf.
3. Use Existing Assessments to Answer Custom Questionnaires
If you’re a vendor, it’s likely that you’ve already completed a standards-based assessment, whether it be SIG, SIG Lite, ISO 27001, ISO 27701, NIST 800-53, or CSA CAIQ. But many companies choose to use custom assessments. Through a risk exchange, vendors can use answers from standards-based assessments to “autocomplete” custom assessments by mapping questions through natural language processing.
4. Bring the Right People Together in One Place
One of the biggest challenges of completing vendor risk assessments is actually identifying the right people to contact. Through a risk exchange, those responsible for sending and responding to assessments can meet in a single place.
5. Leverage Other Information Beyond Assessments
Sometimes, a detailed assessment isn’t necessary. There are cases when a SOC 2 report or evidence of a security and privacy certification is sufficient in place of an assessment. Through a risk exchange, vendors can share not only assessments but also information about their security and privacy programs.
Companies and the vendors they assess can work together to make the vendor risk assessment process better for all involved. Want to see how? Request a demo of the Vendorpedia Third-Party Risk Exchange today.
Further risk exchange reading:
- Read the blog: Third-Party Risk Exchanges: Are Your Vendors Safe to Do Business With?
- Read the case study: How a Fortune 500 Automotive Aftermarket Retailer Solves Third-Party Risk Challenges with OneTrust Vendorpedia + BitSight Security Ratings
Next steps for implementing a risk exchange:
- Sign up for the webinar: 7 Ways to Save Time When Answering a Security Questionnaire
- Watch the demo: Risk Exchange Demo Video
- Download the report: OneTrust Recognized for the Second Consecutive Year as a Gartner Peer Insights Customers’ Choice for IT Vendor Risk Management Tools
Businesses + Vendors: How to Make The Third-Party Risk Marriage Work
To reduce vendor-related risks, businesses must conduct security assessments on their vendors. On the other side, vendors must respond to these time-consuming questionnaires. And with recent disruptive events, such as the pandemic and major security breaches like SolarWinds, the volume of security questionnaires a vendor receives has increased drastically.
So, how can businesses and vendors work together in a way that benefits both sides, giving businesses more trust in their vendors, and giving vendors the ability to provide confidence in their security programs?
In this webinar, we brought together both sides of the vendor risk management equation – a business and a vendor – to share their perspectives on what it’s like to send and respond to security questionnaires. In having this discussion, we hope to provide insight and tips that can help streamline the vendor risk assessment process for everyone involved.
Our panelists will discuss:
- Their experiences with sending and responding to questionnaires
- The pain points on each side of the assessment process
- What businesses and vendors can do to make the process easier for each other
- Solutions to work better together to build mutual trust and reduce workload