Do You Work With High-Risk Vendors?

The next big issue in risk management: vendors. The goal of Vendor Risk Management (VRM) is to safeguard the company by understanding the risks its vendors face — and according to an Aite Group survey of 26 global financial services firms, it’s due for more attention.

When asked “How many vendors does your company currently classify as high-risk?”, nearly a quarter of those surveyed responded between 25 and 99! Here’s the complete breakdown:


  • 1-24 – 35%
  • 25-49 – 12%
  • 25-99 – 23%
  • 100-199 – 15%
  • 200-250 – 12%

How can a company assess a vendor’s risks? Here are the most popular answers:


  • Collect certifications – 80%
  • Collect vendor policy documents, penetration test results, and audit results – 72%
  • Send questionnaire to vendor – 72%
  • Field internal risk questionnaire with users of the service or product – 72%
  • Conduct on-site visits – 68%
  • Create a vendor scorecard – 56%
  • Accept Shared Assessments Survey (SIG) – 24%
  • Other – 20%

Overall, the best defense is a strong risk management program that’s consistently re-evaluated and gets buy-in from executive management, vendors, and risk experts. DRI’s Risk Management for the Business Continuity Professional can help you develop and implement just such a program. Click here to learn more about it, and to register for an upcoming course!
