Would you consider conducting due diligence on vendor’s vendor (4th party vendor to you) as part of your vendor risk management program?

Risk ManagementVendor Management

Yes, if the services are in scope45%

Yes, irrespective of scope of agreement27%

May be21%

No4%

Not sure1%

560 PARTICIPANTS
22.8k viewscircle icon13 Upvotes

Content you might like

Have you updated vendor contracts to address AI usage and data sharing?

Yes29%

No42%

Planning to25%

N/A

Unsure2%

View Results

Does anyone know how to get a good deal for a service and workload orchestration and automation tool like Redwood runmyjobs or bmc control-m? Are there any good open source products out there that offer enterprise support?

Did anyone used the FAIR-CAM mixed with NIST 800-53 v5 to identify the controls to implement in your organization based on your risk appetite?

Is Atlas Compliance the ideal option for life sciences companies? Because these days, every pharma company seems to love this product.

Yes80%

No20%

Do any external vendor options exist beyond SAP Data Masking - UI Data Protection Masking - UISM100? Are there any solutions that allow users to access some data, but not all, on SAP-delivered T-codes? Are there specific fields on the screen that need to be masked to meet PII requirements?

Would you consider conducting due diligence on vendor’s vendor (4th party vendor to you) as part of your vendor risk management program? | Gartner Peer Community