How to Fine-Tune Vendor Risk Management in a Virtual World
Without on-site audits, many organizations lack their usual visibility to assess risk factors and validate contracts and SLA with providers.
Vendor risk management is nothing new to most security and privacy professionals. Programs for managing vendors are typically well-established and have run like clockwork for quite some time with many firms requiring their critical vendors to allow access for periodic on-site assessments of privacy, security, and other controls. But as with so many things this year, the coronavirus pandemic has brought well-oiled vendor risk management processes to a screeching halt. Now, without the ability to conduct on-site audits, many organizations lack their usual visibility to assess risk factors and validate whether their providers are doing all they have agreed to in their contracts and service-level agreements (SLAs).