Vendor Management

Every vendor that your organization does business with must be included in the third-party inventory. It’s not that every vendor poses a significant risk; it’s that you must show your due diligence regardless.

• Import vendors one at a time or all at once
• Easily manage all vendor relationships
• Automated annual renewal of all vendors
• Scheduling of future renewals
• Managing all vendors keeps you defensible 

Now that you know all the vendors’ potential impact, medium- and high-risk vendors must demonstrate what safeguards they have in place by completing a FISASCORE self-assessment. This will determine their residual risk, which is the remaining risk that must be addressed.

• Assessments are performed using the FISASCORE risk assessment
• FISASCORE is based on industry standards including ISO and NIST
• Assessments cover all areas of information security: administrative, physical and technical controls
• Built-in metrics allow you to focus on your riskiest vendors
• Easily see the FISASCOREs of all vendors in the dashboard
• Workflow engine manages all communications with your vendor
• Increased defensibility through standardized questions and objective responses

Some percentage of your vendors will pose an unacceptable information security risk to your organization. You won’t know what percentage, or what to do about it, without reaching this part of the process. You must establish objective thresholds for information security risk for vendors and treat them appropriately.

• Risk managers are notified when an assessment has been completed
• Easily review assessment results, including the areas where your vendors need improvement
• Select from one of four ways to treat your vendor: accept, remediate, transfer or avoid
• Workflow engine manages communicating remediation items
• Helps your vendors become more secure, which is good for them and for you

It’s not enough to just assess risk; risk must be processed and mitigated. For those vendors that you selected “Remediate,” VENDEFENSE automatically generates a remediation plan based on the low-scoring areas of their FISASCORE assessment. As vendors remediate vulnerabilities, their information security posture improves and so does their FISASCORE.

• A remediation plan is generated and sent to the vendor
• Risk managers can order an onsite, validated FISASCORE assessment
• You’re notified as vendors complete tasks in their remediation plan
• You control when you are willing to accept a vendor
• Managing risk of all vendors makes you defensible

The power of VENDEFENSE lies in its intuitive dashboard that allows you to see all your vendors at once, identify the overall risk exposure of your organization, and pinpoint where in your organization the risk is coming from.

• View all vendors in one dashboard
• Easily see which vendors pose the greatest risk and which are scheduled for review
• View FISASCOREs for all your risky vendorsand your company’s aggregate FISASCORE
• View FISASCORE trends over time 
• Generate custom reports for management and the Board of Directors

*Based on customer feedback