1. Knowledge Base
  2. Cybersecurity
  3. Lex Mundi Core Standards and Recommended Practices

Vendor Management

Tips and tricks - including 10 questions to ask your vendors and suggestions of risk-assessment vendors

General Advice on Vendor Management and Cyber Awareness

  • Run annual exercise with internal departments
  • Create short list of vendors handling PII
  • Run workshops individually with vendors
  • All internal staff involved should be trained on awareness
  • Use WhatsApp / Slack / Team collaboration groups to alert team and help desk members on cybersecurity alerts
  • Geo-blocking countries is not recommended; use Ad hoc blocks if necessary

"10 Critical Issues to Cover in Your Vendor Security Questionnaires"

January 27, 2021 In today’s perilous cyber world, companies must carefully check their vendors’ cyber posture, and the initial vetting of any third party typically begins with a comprehensive security questionnaire.

But these can be a headache, because many questionnaires include hundreds of questions, and many of them are irrelevant. What are the key questions that must be addressed to determine if vendors have a strong cyber posture?

This guide covers the most important ones to consider, including:

  • Does customer data leave the vendor’s production systems?
  • Does the vendor support single sign-on?
  • Does the vendor have an employee security awareness program?

https://dbac8a2e962120c65098-4d6abce208e5e17c2085b466b98c2083.ssl.cf1.rackcdn.com/10-critical-issues-to-cover-in-your-vendor-security-questionnaires-pdf-5-w-7443.pdf