Join the hundreds of companies that trust 6clicks
TermsAFSL Authorised Representative AICPA Annex A Controls ASIC Attestation of Compliance (AOC) Business Continuity Management Compliance Automation Software Compliance Risk Management Cybersecurity Maturity Model Certification (CMMC) FedRAMP Governance Risk & Compliance (GRC) GPDR HIPAA HITRUST Incident Management Information Security Management System (ISMS) ISMS Governing Body ISO 27001 Notifiable Data Breach OAIC Policy Management SOC 1 SOC 2 SOC 3 SOC Reports SOC Trust Services Criteria (TSC) SSAE 16 SSAE 18 Third Party Risk Management Vendor Assessment Vendor Management Policy Vendor Review Vulnerability Vulnerability Management
What is a Vendor Review?
Vendor review is a process by which an organization can understand the potential risks of utilizing a vendor's product or service, as well as an ongoing process to ensure that quality security practices are being maintained in an ongoing fashion. A vendor review process will assess a vendor's capacity to maintain effective and appropriate security practices and other performance elements critical to an organization's business. Vendor review is particularly critical when vendors will have access to sensitive internal or customer data.
An organization may develop different vendor review processes for its different vendor types. Vendor reviews will address a range of areas of risk that working with the vendor could pose to an organization, including but not limited to review of a vendor's physical environment security, organizational security, human resource security, data handling processes, asset management, and more.
Establishing and maintaining regular vendor review processes will help ensure that an organization is effectively monitoring not only its internal security processes, but the security of all the services that comprise its operational ecosystem. If vendors have access to a company's internal or customer data, the quality of their security practices is as important as the quality of an organization's own practices.