6 Tips for Administering Better Vendor Questionnaires

Posted by RiskRecon on Mar 12, 2019 1:18:03 PM

Vendor questionnaires are a vital part of determining the cyber risk of your third- and fourth-party vendors, but they also are risky propositions in and of themselves. After all, administering a vendor questionnaire involves a tremendous amount of trust: it’s a bit like trusting a cook when you have a severe gluten allergy.
In our latest article in Dark Reading, we provide six solutions to ensure you’re getting the most out of your vendor questionnaires. Here’s a rundown of those six solutions:

1. Keep your questionnaires to a reasonable length to keep costs low and engagement high.
2. Trust the answers you’re given, but verify them.
3. Alter the frequency at which you administer questionnaires: less often for high-performing vendors and more frequently for vendors who have difficulty coming into compliance.
4. Customize your questions to fit your vendor, and use the questionnaire to target the data you’re most interested in.
5. Don’t rely on vendor questionnaires alone: make a cybersecurity risk rating platform an integral part of your third-party vendor security investigation.
6. Determine the answers you need first, then craft the questions; don’t use yes/no questions unless they’re very specific.

Of course, that’s all easier said than done. For advice on how to implement our solutions, read the full article.
