
Do You Work With High-Risk Vendors?

August 15, 2014 dridrive

The next big issue in risk management: vendors. The goal of Vendor Risk Management (VRM) is to safeguard the company by understanding the risks its vendors face — and according to an Aite Group survey of 26 global financial services firms, it’s due for more attention.

When asked “How many vendors does your company currently classify as high-risk?”, nearly a quarter of those surveyed responded between 25 and 99! Here’s the complete breakdown:


  • 1-24 – 35%
  • 25-49 – 12%
  • 25-99 – 23%
  • 100-199 – 15%
  • 200-250 – 12%

How can a company assess a vendor’s risks? Here are the most popular answers:


  • Collect certifications – 80%
  • Collect vendor policy documents, penetration test results, and audit results – 72%
  • Send questionnaire to vendor – 72%
  • Field internal risk questionnaire with users of the service or product – 72%
  • Conduct on-site visits – 68%
  • Create a vendor scorecard – 56%
  • Accept Shared Assessments Survey (SIG) – 24%
  • Other – 20%

Overall, the best defense is a strong risk management program that’s consistently re-evaluated and gets buy-in from executive management, vendors, and risk experts. DRI’s Risk Management for the Business Continuity Professional can help you develop and implement just such a program. Click here to learn more about it, and to register for an upcoming course!