Blog

Read the Latest Blog Posts
Knowledge. Useful. Quick. 

Stay up-to-date by reading useful articles from industry thought leaders who tackle common challenges and discuss current or proposed industry regulations.

  • October 2020 Vendor Management News

    yesterday
    As we enter the fall season, and National Cybersecurity Awareness Month, make sure you stay caught up on vendor management and vendor cybersecurity news with the articles covered below.

  • Unmasking Your Vendors: How to Create Vendor Transparency

    2 days ago
    We all wear masks, literally and figuratively. We wear them for fun, safety, privacy and lately we’ve been wearing them everywhere for protection, health and compliance. Some say that wearing makeup or feigning a smile is a form of wearing a mask by, in some way, showing an exterior that is slightly different than what is within.

  • Understanding Vendor SOC Report Controls and Evaluating Results

    3 days ago
    Reviewing a SOC report can feel like a daunting task, especially if you’re unsure of what parts of the SOC report are considered key components, what best practices to follow, how to assess the controls, evaluate results and why vendors write the control activities the way they do. The best way to tackle such a colossal task is, of course, to start at the beginning.

  • How to Review Your Vendor’s Cybersecurity Posture

    9 days ago
    Understanding your vendor’s cybersecurity posture is critical. It can help reduce the risk of your vendors and contractors becoming your weakest link, and in today’s environment, many organizations are investing heavily in their cybersecurity programs. This can often mean a LOT of documentation to sift through. But, with so many areas to review, what are the best items to request to get the most comprehensive snapshot of your vendor’s cybersecurity posture?

  • 11 Tips for Reviewing Vendor Business Continuity and Disaster Recovery Plans

    10 days ago
    When major storms are a brewing, we can’t help but wonder about all the people that stand to be affected. We don’t mean the grocery stores and their empty shelves, or the gas stations with empty pumps. We think about organizations and their vendors.

  • Alternatives to Vendor SOC Reports: What to Review to Manage Risk

    16 days ago
    Most of us know by now how useful it is to review a vendor’s SOC report when doing third-party due diligence. But, what if your vendor doesn't have a SOC report ? If a large corporation doesn’t have a SOC report, that may be considered a red flag, but many small organizations don’t have a SOC report due to the cost of obtaining them and the internal resources required to manage that type of project. So, what can you review instead?

  • Why You Need to Invest Time and Budget in Vendor Management

    17 days ago
    Many organizations often have a cumbersome and extensive budgeting process. Sometimes, the budgeting endeavor includes endless hours and late nights — not to mention that constant battle for the “right amount” of money to run business units year to year.

  • The Importance of Third-Party Risk Management Workflows

    18 days ago
    Generally speaking, a workflow is a sequence of tasks that move data. Today, regulations drive processes, processes require controls, controls involve approvals and approvals usually get reported. That’s a simple way of highlighting how nit-picky doing anything in the corporate world often is. But that’s also a workflow, right? One thing must happen before another, then it goes to someone else and then on and on.

  • Cybersecurity Is a Team Effort When It Comes to Vendor Risk Management

    23 days ago
    “Phishing,” as we know it in the tech world, isn’t something involving bait and tackle... at least, not in the traditional sense, anyways. Phishing refers to a cyberattack that uses disguised emails as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their organization, for instance, or a note from a colleague in their organization — and there’s always a call to action such as to click a link or download an attachment.

  • 6 Key Provisions to Know for Vendor Contracts

    24 days ago
    When it’s time to either review a new critical vendor contract, or start negotiation terms for an existing one, there are some specific provisions you’ll need to be on the look for in order to make sure you’re minding your p’s and q’s when it comes to compliance with industry regulations and standards. So, what should you be looking for?

  • 8 Strategic Ways to Effectively Manage Vendors

    one month ago
    Vendor risk management is a reality in our world today. Every organization on the planet is looking for better ways to strategically manage their business, and vendors are a strategic part of the organization’s production and delivery of products and services.

  • How to Manage and Map Third-Party Vendor Cyber Risks

    one month ago
    With the explosive growth of outsourced technology services and the increase of third-party data breaches , it’s vital organizations take control of their third-party relationships and implement the necessary steps to properly manage and map their third-party cyber risks.

  • September 2020 Vendor Management News

    one month ago
    Stay on top of vendor management industry updates this fall with our expert complied list of news and resources.

  • 9 Tips If Your Vendor Management Budget Is Small to Non-Existent

    one month ago
    Let’s get this out of the way up front. Every organization has vendors and every organization has a vendor management program, even if your program isn’t formalized. That’s right: every single one! Wow! I feel better now. Each organization has three things they must do: produce a product or service, market that product or service and finance the production and marketing of that product or service. Don’t see vendor risk management in that list? It’s there. Just hidden and unformalized.

  • How to Get Out of a Bad Vendor Contract

    one month ago
    We’ve all experienced it at one time or another: a once-promising vendor relationship has suddenly (or perhaps, not so suddenly) gone sour. Whether it’s due to repeated SLA failures, a lack of internal or external communication or other performance issues, sometimes there’s nothing left to do but find an exit. And sometimes, that’s not as easy as it sounds.
More