Third-Party Risk Management Industry Partners: Vendor Security Alliance

BLOG 5 MINS | January 28, 2020
Third-Party Risk Management Industry Partners: Vendor Security Alliance

It’s becoming increasingly important for companies around the world to depend on each other for compliance with responsible cybersecurity best practices. To do so, companies are looking for a standardized method  to evaluate each other’s information security programs.  

Enter the Vendor Security Alliance (VSA), a non-profit organization driven by a group of like-minded membership companies dedicated to improving internet security.  

The VSA was formed to solve the lack of standardization and to streamline vendor risk management (VRM). One of the ways it does this is through comprehensive VRM questionnaires. The newest one – the VSA CORE questionnaire – is essential for assessing third-party risk. 

The VSA CORE for Third-Party Risk 

The VSA CORE questionnaire for third-party risk is available at no cost to all OneTrust Vendorpedia customers. 

This questionnaire was released in Q3 of 2019 and comprises the most important questions about a vendor’s information security practices and privacy regulation compliance. QIn addition, questions within the VSA CORE encompass U.S. privacy-related  hot topics such as data breach notification requirements, the California Consumer Privacy Act (CCPA), and the General Data Protection Regulation (GDPR).  

You can use OneTrust Vendorpedia to: 

  • Automate VSA CORE questionnaire workflows 
  • Modify VSA CORE questionnaires 
  • Flag risks automatically when using the VSA CORE questionnaire 
  • Maintain records for accountability and compliance purposes 
  • Complete unlimited vendor assessments using the VSA CORE

OneTrust Vendorpedia streamlines VSA CORE assessments by moving companies away from spreadsheets and into software. VSA CORE questionnaires are sent, completed, and reviewed within the Vendorpedia platform, enabling third-party risk teams to manage all vendors and questionnaires in a single dashboard. 

VSA CORE Questionnaire Chasing: How It Works 

Through Vendorpedia, you can use our free vendor chasing services to assess more vendors in less time. Submit a chasing request through the platform to offload the entire assessment process to the Vendorpedia team. Here’s how it works:  

  1. You select the vendor or product you want to assess 
  2. You choose the questionnaire (VSA Core) 
  3. Your Vendorpedia assessment agent identifies the right vendor contact 
  4. Your Vendorpedia assessment agent sends the questionnaire (VSA Core) 
  5. Your Vendorpedia assessment agent follows up and supports the vendor contact until the questionnaire is completed 
  6. You receive the completed assessment  

The entire process is mostly hands-off for the users, while giving you the power to manage your third-party risk program without getting bogged down in the mundane assessment work.  

Manage Third-Party Risk with VSA CORE and Vendorpedia 

The VSA CORE is a trusted leader in third-party risk and VRM questionnaires.   

OneTrust Vendorpedia has established a strategic partnership with the VSA – as well as other security and privacy compliance tools around the world – to deliver value to our customers, regardless of location, industry or use case. 

You can take a peek at the VSA CORE questionnaire through a free trial of the OneTrust Vendorpedia platform. Or you can take a tour of the software with the help of one of our third-party risk management experts.  


Onetrust All Rights Reserved