Monitor risks continuously

Evaluate the residual risk of vendors

Identify all vendors and third parties

Assign risk ratings to vendors

It focuses on compliance standards

It requires less data from vendors

It is faster and easier to classify vendors

It is more detailed than residual risk

Security scorecard templates

Compliance checklists

Vendor risk management software

Inherent risk analysis

Questions about vendor's financial stability

Questions about vendor's customer service

Questions about technical, process, and people controls

Questions about vendor's market reputation

Focusing only on financial risks

Ensuring they are short and concise

Including questions about compliance requirements

Avoiding technical questions

Ignore them until they become a problem

Only monitor them without taking action

Mitigate them based on importance and priority

Treat them the same as low-risk vendors

To update vendor contracts regularly

To ensure vendors are paid on time

To keep track of vendor performance

To assess ongoing risks associated with third parties