
Vendor Risk Management

According to the Ponemon Institute, one in five data breaches is caused by a lack of proper third-party vetting.  Many of these breaches have been massive, exposing the data of millions of consumers and receiving extensive media coverage. Despite these incidents, many organizations have failed to invest in adequate vendor risk management programs. 

As the reliance on third parties becomes greater, the urgency to address this risk grows.  Vendors of all sorts pose a direct risk to the security of your data.  Some of the largest breaches in recent years were caused not by IT or financial services vendors, but by HVAC contractors, facilities maintenance contractors and payment systems providers.  These breaches have put tremendous public and regulatory scrutiny on the way companies vet the vendors who touch sensitive data.

Expert Vendor Management Program Development

Focal Point helps clients address this growing frontier in data privacy and security. We have designed and implemented vendor risk management programs for organizations of all sizes. Our team of privacy experts brings this experience to each engagement, designing vendor risk management programs that meet your business needs and secure your assets. These projects often include:

  • Customizing a program that accommodates all types of vendors;
  • Establishing mechanisms to effectively identify and manage the population of vendors;
  • Defining appropriate privacy, security and compliance requirements for vendors based on inherent risk profiles;
  • Performing on-site and remote vendor risk assessments;
  • Defining processes and templates that facilitate the execution of due diligence and monitoring practices;
  • Creating reporting metrics that allow for visibility into vendor risks to enhance enterprise decision-making capabilities; and
  • Presenting vendor risks to senior leadership teams.

Proven Vendor Risk Management Methodology

Focal Point follows a proven five-step process, which we tailor to meet the needs of each client.

Vendor Profiles

Each vendor risk management assessment begins with developing a full profile for each of your vendors – classifying each vendor by service, data type, and inherent risk rating.

Customized Framework Development

Focal Point builds a custom risk management framework around your needs and concerns.

Vendor Assessments

Assessments range in complexity from self-assessment questionnaires to full third-party assessments, depending on the vendor’s inherent risk rating.

Risk Remediation

We establish and document ongoing risk management practices for continuous monitoring of vendors.

Reporting and Dashboarding

Focal Point creates report dashboards for each audience – executives, business owners, and other team leaders.

