10 Critical Issues to Cover in Your Vendor Security Questionnaires

 

Published March 2020

In today’s perilous cyber world, it’s crucial for companies to assess and monitor the security of their vendors, suppliers and business partners. Failing to do so can be risky, because hackers frequently steal sensitive enterprise data by targeting the third parties to which enterprises are connected. In addition, regulations like GDPR and NYDFS hold businesses accountable for their third parties’ cybersecurity and impose stiff penalties on those that don’t comply.

For these reasons, companies must carefully check their vendors’ cyber posture, and the initial vetting of any third party typically begins with a comprehensive security questionnaire. But these can be a headache, because many questionnaires include hundreds of questions, and many of those questions are irrelevant. A lot of companies would prefer to ask fewer questions, but don’t know which questions are the critical ones they have to ask.