A recent survey by Rsam shows that 50 percent of organizations assess less than 15 percent of their vendors for reputational, financial and/or data security risk; and the remaining 50 percent average a 30 percent assessment rate. The poll also showed that participants intend to increase vendor assessments by 60 percent in 2017.
Managing vendor risk is challenging for most organizations, whether they have a universe of a few hundred or thousands. Third-party relationships are more entwined than ever due to the volume of interactions that occur daily and the business criticality of many outsourcing arrangements. While the scope of risk is increasing, the scrutiny from external forces like regulators, shareholders and the media is also on the rise.
"Organizations of every size want to gain control over vendor risk but many simply don't have the resources to make a dent," said Vivek Shivananda, CEO of Rsam. "We advise risk professionals to start with the basics, get a program up and running quickly, demonstrate success and iterate from there."
The poll respondents included nearly 100 GRC professionals who attended a recent Rsam webinar.