Would you consider conducting due diligence on vendor’s vendor (4th party vendor to you) as part of your vendor risk management program?

Risk Management Vendor Management

Yes, if the services are in scope40%

Yes, irrespective of scope of agreement29%

May be23%

No4%

Not sure2%

557 PARTICIPANTS

22.8k views13 Upvotes

Content you might like

When calculating a risk score is there a preference between multiplying likelihood x consequences versus adding likelihood x consequences?

Read More Comments

Is Atlas Compliance the ideal option for life sciences companies? Because these days, every pharma company seems to love this product.

Yes100%

No

I am looking at vendor comparison for skills and job architecture market- primary vendors are Oracle, SAP, Workday. The key features I want to evaluate against are: Learning Management System Skills and Job Architecture Career Pathing HCM Integration. Any leads on which reports to use will be helpful.

How are you diversifying threat intelligence sources? Have you been able to reduce reliance on CISA for TI?