If you missed our recent webinar “Re-thinking Vendor Risk Management”, you can listen to it free and on-demand here. In the webinar, we talked about managing the risks associated with vendors and how traditional solutions have failed to solve those problems. We shared practical advice and talked through the Ostendio solution called MyVCM Vendor Connect. The webinar audience raised some great questions, and since we didn’t have time to answer them all, we’ve gathered the top 5 most asked questions here with helpful answers from our product team.
Q1. Do we use Vendor Connect to screen new vendors, or to assess existing vendors?
A: Both. There is no hard and fast rule as to where to start, but a logical approach would be to deploy first to your existing vendors, since your relationships are already established. Then as new vendors come on board, you can make it a standard part of your procurement process.
Q2. Can we treat the assessments as iterative, and mark them “In Progress” vs just Complete or Not Complete?
A: Once you have reviewed your vendor’s answers, you have the option to either complete the assessment or you can send the assessment back to your vendor to remediate any issues. There is no limit on the number of times the assessment may be sent back-and-forth between your organization and the vendor. This leaves the assessment “in progress” until you’ve finalized it with your vendor and marked it complete.
Q3. What happens if my vendor refuses to register for the process?
A: If your vendor wants to complete an assessment offline, MyVCM is built to accommodate traditional offline vendor questionnaires. It allows you to print out the assessment and then gives you the ability to import a spreadsheet for you to score manually. This will still help mitigate risk, but it requires some more manual effort and doesn’t take advantage of one of the Vendor Connect benefits, which is easy online communication with your vendors.
Q4. What happens after I’ve shared my info with a vendor? Can we change the questions once they have been deployed to the vendor?
A: The Vendor assessments are like living entities - you can change them however you want over time, and MyVCM will notify vendors when it is time to update an assessment.
Q5. Is there a limit to how many vendors I can send this to?
A: MyVCM Vendor Connect is totally free for your vendors. Customers simply assign one of their seats on a per-vendor basis.
If you have more questions about managing vendor risk, you can reach out to our team of experts, who would be happy to talk to you about MyVCM, how we can get you started on your cybersecurity journey, or how we can help you with your vendor management program.