Hi,
We complete a technology risk assessment on the product separate from the vendor risk.
Thanks,
Kelli Shoup | Technology Support Lead/Information Security Specialist |
|
|
|
|
This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you.
Original Message:
Sent: 8/9/2024 11:45:00 AM
From: Anonymous Member
Subject: Technology Risk Assessments
This message was posted by a user wishing to remain anonymous
Does anyone risk rate the technology products along with risk rating the vendor? We currently do both. We complete the risk assessment and due diligence for the vendor and then we also have to risk rate the actual product the vendor is providing us. I'm curious if anyone else does this?