Ensuring systems have minimal necessary permissions

Granting full access to trusted vendors

Allowing unrestricted access to internal systems

Relying on vendor assurances for security

Vendors may limit their liability significantly

Contracts usually cover all potential damages

Vendors often provide immediate assistance

Contracts ensure full data recovery

They provide extensive security guarantees

They often agree to unlimited liability

They are always willing to reduce prices

They have significant leverage in negotiations

To ensure vendors are paid on time

To verify compliance with security obligations

To reduce the cost of vendor services

To increase vendor profitability

It reduces the need for vendor assessments

It clarifies vendor security responsibilities

It ensures vendors have no obligations

It guarantees vendor profitability

To hold vendors accountable for security breaches

To provide flexibility in vendor obligations

To ensure vendors can delay reporting

To allow vendors to avoid responsibility

Ignoring vendor security practices

Conducting independent security assessments

Assuming all vendors are secure

Relying solely on vendor questionnaires