This document serves as a guideline for evaluating the risks and ensuring that third-party vendors align with the security and compliance expectations of our organization. Regular reviews and audits of this list will ensure the parties remain compliant and risk-aware. While not all companies will have all the artifacts, statements affirming non-applicability, or attestations to having policies and procedures addressing these topics, are required.
Gordon Bjorman
SMB Vendor Risk Management: Request Due Diligence Information From Vendors
Updated: Nov 19, 2023