In the process of choosing a Vendor/Third-party to handle sensitive client data, as part of due care and due diligence, organizations need to perform Vendor Security Questionnaires.
Organizations are responsible for performing due diligence before choosing an organization, and liability cannot be outsourced only because you are outsourcing a service or using a vendor. If the vendor suffers a data breach, it is critical that the organization can demonstrate it performed vendor due diligence.
These are some sample questions that you should be asking. We can help your organization review the vendors by:
DISCLAIMER: we can perform vendor due diligence to the degree the organization feels comfortable performing its due diligence for existing vendors and potential vendors. It is critical to always perform due diligence on a vendor/third party prior to storing sensitive data or giving them access to your network/systems. Vendor risk assessments are performed using the information and documentation provided by the vendor, however, we cannot represent nor can predict if the Vendor will have a cybersecurity incident or a data breach.
Please let us know how we can help, take advantage of our initial FREE 30-minute Consultation. Contact us to get started.