You've probably heard how important vendor management is to the success of your information security program. But it's important that you learn how to start a vendor management program and perform assessments for it so that each assessment supports your business.
Without a vendor management program, your compliance posture can fail. You'll have no visibility into the vendors or 3rd parties that help your business operate, you won't be able to demonstrate business continuity to your leads and customers, and you'll have a glaring gap in your overall risk posture.
So why, oh why, does almost every smaller firm I talk to have a laundry list of excuses for why they can't manage their vendors?
Maybe because, unless you're one of the few people who actually like understanding regulations or assessing risk, vendor management is painful! You have to find the regulation, work with parts of the business you'd rather avoid, and then find a way to manage all of this on an ongoing basis ... ugh, where do you even start?
Well friends, it's time to get your head out of the sand!
A vendor, or 3rd party, is a person or company that supplies products or services.
A business relies on its vendors to perform a set of functions or tasks for which its customers rely on them.
This means that, for example, a hospital system may need services or products from medical device companies or cleaning companies in order to fulfill the obligation of patient care. From that perspective, vendors need to be managed so that the business can continue to perform its specific objectives.
A vendor management program is a fancy way of saying, "Let's make sure that our business isn't impacted by the vendors or 3rd parties we work with."
Starting a vendor management program isn't as difficult as you think. If you follow these simple steps you can be on your way in no time.
If you're ready to start a Vendor Management Program, contact us for free templates to get you started!