Vendor Risk Assessments
Our vendor risk assessments are conducted by security and compliance experts that use industry leading framework, content and best practices.
Assessment Methodology
The key to a successful vendor risk assessment is bringing together technology, risk expertise and a standardized process. Teepee will undertake a five step assessment process to help run your vendor risk program:
- Help uncover and document which are the most critical vendors that you should be reviewing
- Engage critical vendor to gather security data
- Conduct a full review of gathered data
- Identify security issues based on gathered data
- Work with vendor to remediate or minimize security issues
Technology provides a system of record to gather, review and report vendor data. Professionals with security and risk expertise can make sense of key information that will be critical to decision making. The standardization of the assessment process will increase visibility into an individual vendor while at the same time driving down cost for customers.
Framework
Teepee uses industry accepted frameworks and conducts vendor risk assessments based on documentation such as the SIG Questionnaire, SOC Report, ISO Certification, FEDRAMP and more. There are a few reasons for this approach.
Vendor data that is relevant to your company is readily available in this documentation. Vendors frequently use standard industry documentation to share this data with customers.
These frameworks are continually updated and improved as time goes on. Working groups are established to make sure that this documentation changes as technology and business processes change.
