Think about your vendors. Each one presents a unique risk to you. Whether it’s a risk to information security or the availability of your company’s product or service, all vendor services come with a specific level of risk.
In the current technological environment, vendors are not only helpful, but they are required to run certain aspects of many businesses. Most organizations keep tabs on their vendors at the beginning of the relationship, having them sign a nondisclosure agreement or some type of contract. Those organizations might also check in on their vendors’ security postures once a year for compliance purposes.
Companies that do this are probably checking off the boxes to keep the auditors happy—but if all they’re doing is checking boxes, they’re not actually managing the risk posed by their vendors. So, how do you, as a Board of Directors, appropriately oversee vendor risk? Here are three key things you can consider asking management about: