Vendor Assessments Flashcards
What is a Vendor Assessment?
Assessing and evaluating vendors
Who are the Vendors?
Businesses or individuals that provide goods, services, and products to an organization
Who are the suppliers?
Individuals involved with the production and delivery of the products
Who are the Managed Service Providers (MSPs)?
Individuals hired by companies to manage IT services on behalf of an organization
Why is Pen Testing part of the Vendor Assessment?
To validate that the service provider or vendor is taking their own cybersecurity posture seriously, since their risks can become your risks once you install their software into your network
Why is the Right-to-Audit Clause part of the Vendor Assessment?
The right to evaluate a vendor's internal processes for compliance
What is an Internal Audit?
A vendor's self-assessment of its practices against industry or organizational requirements
What is an independent assessment?
An evaluation done by third-party entities that have no stake in the organization's or vendor's operations
What is a Supply Chain Analysis?
Used to dive deep into a vendor's supply chain to ensure its integrity