This message was posted by a user wishing to remain anonymous
We are having similar issues: more and more vendors not only don't want to use third party platform, but they don't even want to complete questionnaire at all, instead, they provide their due diligence packet 😊 I think, unfortunately, that's the future we are heading to.
Thanks.
Original Message:
Sent: 04-26-2023 09:28 AM
From: Katherine Coffield
Subject: Vendors not completing IT Security Questionnaire via 3rd Party Platform
David, I can speak from the perspective of the person who in responsible for completing assessments where our clients view our financial organization as their vendor. In my experience, completing assessments are more manageable in an excel format. This allows the spreadsheet (which is saved as a Master Draft) to be updated with notes, SME assignments, and various color-coding. Platforms tend to limit access which hinders the process as information must be obtained from SME across the enterprise. Third party platforms are interactive and depending on the response will populate with additional questions that are not initially apparent. Having all the questions listed allows for assigning them to the SMEs at one time. Completing assessments is an on-going process with many starts/stops as information is obtained and updated within the Master Draft. I typically am processing at least 15 open requests at one time. Being able to add notes to an excel formatted assessments assists in managing the process and workflow.
If our client uses a third party platform, NDAs must be obtained from that vendor before sharing our confidential, sensitive, and proprietary information.
Original Message:
Sent: 04-26-2023 08:45 AM
From: Rick Thompson
Subject: Vendors not completing IT Security Questionnaire via 3rd Party Platform
David, I experience this with about 15-20% of all our vendors. Some companies just refuse to use a third-party platform/ portal due to their internal policies, and sometimes it mitigates their risk of proprietary data being shared without the 3-way NDAs having to be executed. As a workaround, I copied the Venminder questionnaire template to an Excel version and I email it directly to the vendor. This adds extra steps, but occasionally this has to be done to accommodate the vendor.
Original Message:
Sent: 04-25-2023 04:24 PM
From: David Pittman
Subject: Vendors not completing IT Security Questionnaire via 3rd Party Platform
Has anyone ever experienced vendors not wanting to complete your IT Security Questionnaire via using the Venminder Platform? If yes, how did you handle this? I have a Vendor, who is insisting on completing via excel, word, or pdf file. I am trying to push our method because I am trying to get this over into one platform and process. Any suggestions or comments on how to handle this vendor?