Vendor Risk Management (VRM) Services
Vendor security is more critical than ever, yet many companies still struggle to identify, risk rank, and assess the vendors that support their business. Manual processes like email and spreadsheets add another layer of complexity to completing security assessments. FoxPointe Solutions provides the necessary insight, automation and upgrades you need to stay ahead. VRM is a managed service that can save your organization time and resources while ensuring this critical security function continues to operate.
Reduce Cost, Increase Compliance.
The complexity, scale, and scope of IT vendor relationships are increasing. It’s critical that organizations have efficient vendor monitoring and assessment mechanisms. FoxPointe deploys its team of experts and automated tools to help manage VRM activities throughout the year. By assisting in, or completely managing, this critical component of your risk management and information security program, we can help reduce the time and resources associated with internal personnel and increase the likelihood that you will meet required laws, regulations and standards.
VRM Managed Services
FoxPointe Solutions offers multiple service options designed to assist you with demonstrating your risk-based approach and due diligence of your vendors to your customers, stakeholders, and/or prospects.
- Third-Party Inventory: Organizations large and small struggle to centrally manage and identify all vendors being used. We will help you identify all vendors and collect the necessary tracking information to be logged in our tool as a central repository.
- Third-Party Security Assessment Services: The Standardized Information Gathering (SIG) and similar questionnaires (including customizable questionnaires) available in our tool allow FoxPointe to collect and assess the information necessary to conduct assessments of your service provider’s controls in order to risk rank the vendor and assess security.
- Vendor Due Diligence: FoxPointe will assist, or fully manage, a standardized process to oversee the lifecycle for due diligence, risk assessments, and audit.
- Standardized Control Assessment (SCA): These procedures are used by FoxPointe to conduct onsite and additional validation assessments, collecting evidence to verify responses to the SIG or similar questionnaires.
- Contract and Attestation Reviews: FoxPointe will help you review vendor contracts, terms and conditions, and attestation documentation (such as SOC 1 and SOC 2 reports), and provide you with the needed feedback to ensure appropriate agreements are in place and vendor audit results are reasonable to determine if they require follow-up or a change to the vendor risk rank.
- Company Due Diligence Packages: These packages typically include an overview of the company, financials, insurance information, mission, policies and procedures overview, and information regarding any audits or examinations you may have completed. They are a great preface to, or supplement to, attestation documents, or for when you need material to hand out when other data may have restricted use (like a SOC 2).