How to Perform a Vendor Risk Assessment

Knowing who your vendors are, how they manage their risks and the impact this could have on your company is a crucial piece of your InfoSec program. It’s also a requirement for SOC 2, ISO 27001, HIPAA and more!

At Tugboat Logic, we’ve set out to simplify how you manage IT risk, audits and compliance, including tackling the dreaded Vendor Risk Assessment (VRA). However, we believe that safer data benefits everyone. So we put together this handy Vendor Risk Assessment guide if you want to perform VRAs solo.


What Is a Vendor Risk Assessment?

A Vendor Risk Assessment, or vendor risk review, is the process of identifying risks to your organization associated with a vendor’s operations and products. You evaluate the potential risks or hazards associated with the vendor and their inherent impact on your organization.

Performing VRAs helps you select partners aligned with your security and compliance values.

Risks may include:

The dependability of operational, customer, and financial information
Legal and regulatory compliance
Security breaches
