Managing third-party security management
In one of my recent pieces, I observed that when performing third-party vendor assessments, many firms don’t effectively use information security assessment questionnaires. My approach was to engage the vendors over lunch — specifically, with pizza.
While this approach is quite effective, the downside is that it does not scale well when you have to deal with many vendors. Plus, lots of pizza can be fattening.
With that, I researched two vendor management software tools that can be of assistance: Loopio and Panorays.
Both of these vendors assist in the third-party vendor management process around questionnaires, albeit from different ends of the equation. The goal of these and similar vendors is to ease and shorten the third-party information security evaluation process.
The need for a third-party information security management program is self-evident. Third parties are often used as a gateway to get to the primary target. By having a robust third-party…