Subscribe to the blog

Receive articles and resources from the information risk management experts at FoxPointe.

FoxPointe Solutions Introduces Vendor Risk Management (VRM) Services


Rochester, N.Y., November 10, 2020—FoxPointe Solutions, a division of The Bonadio Group dedicated to information risk management (IRM) services, has added a full Vendor Risk Management (VRM) service, helping companies who struggle to identify, risk rank, and assess the vendors that support their business.

Lack of vendor security is at an all-time high due to the fast-paced business landscape, and while many companies know they need third-party support, they don’t know where to start to ensure their contracted vendors are not compromising their security. In a recent 2020 Third-Party Risk Management Study by Prevalent and Shared Assessments, only 39 percent of participating companies admitted to assessing more than three-fourths of top-tier vendors and 66 percent say they should be assessing more than three-fourths of their top tier vendors. FoxPointe Solutions’ new VRM services will provide the necessary insight, automation and upgrades companies need to stay ahead.

With a variety of service options designed to assist companies with demonstrating a risk-based approach and due diligence of vendors to customers, stakeholders, and prospects, FoxPointe Solutions VRM services ensure clients feel safe and secure within their vendor choices. Managed services options include third-party inventory, third-party security assessment services, vendor due diligence, standardized control assessment (SCA), contract and attestation reviews and company due diligence packages.

“The industry continues to change as companies are in dire need of support from various third-party vendors, at the same time, a number of breaches have occurred through a company’s third-part vendor. The first step to safe and effective vendor relationships is addressing risk,” said John Roman, CIO of The Bonadio Group. “We’re looking forward to giving our clients the opportunity to receive the necessary insight, automation and upgrades to stay ahead and remain secure.”

Through this new service, FoxPointe Solutions is able to deploy a team of experts and automated tools to help manage VRM activities from providing assessments of existing vendors to helping vet those that the business may hire in the future. Through managing this critical component of organizations’ risk management and information security programs, FoxPointe Solutions can help reduce the time and resources associated with internal personnel and increase the likelihood that companies will meet required laws, regulations and standards.

“Vendor risks are increasing at a rapid rate, and it’s critical that organizations have efficient vendor monitoring and assessment mechanisms in place as they move quickly in this process,” said Jill Martucci, Principal of FoxPointe Solutions. “Rolling out the full FoxPointe VRM services will give companies the peace-of-mind they deserve when identifying third-party risk.”

Visit FoxPointe Solutions’ VRM webpage for more information on these services.

About FoxPointe Solutions
In 2007, The Bonadio Group founded its Enterprise Risk Management practice to help companies navigate a growing world of interconnected networks, systems, and people, along with the risks associated with communicating and transacting business in that world. Since then, we’ve transformed this practice into FoxPointe Solutions, and have evolved into a full-service cyber risk management and compliance firm, bringing with us over 10 years of experience in the industry. For more information visit,