Not All Vendors Are Created Equal

When evaluating vendors, security professionals understand that not all vendors deserve to be assessed in the same light. While some vendors handle your customers' personally identifiable information, others have access to your facilities. Different risks arise, and therefore different questions need to be asked.

While developing custom assessments for a handful of vendors may be easy, scaling to hundreds becomes difficult. ThirdPartyTrust tools are designed to help you collect the right information and ask the most appropriate questions based on the vendors’ risk to the organization. Utilizing rules and labels makes it easy to customize and communicate what a vendor needs to provide based on varying levels of risk.

Collect Documents Based on Risk

Teams that want to increase the number of assessments done this year can take advantage of the required documentation feature inside the tool. The feature allows analysts to create scalable and executable processes for vendor data collection.

By understanding the potential risk of a vendor, requirements can consist of any of the following:

  • Cyber Liability/Data Privacy, Errors and Omissions, Directors and Officers, and other insurance policies
  • Certifications such as HIPAA, ISO 27001 and PCI DSS
  • Customized or Industry Standard Questionnaires
  • Attestations such as penetration testing, application scans and general security audits

You can also require your vendor to add their most critical vendors to the platform through a manual process. Such a vendor is called a fourth-party vendor.

Tracking, Sorting and Segmenting

The best way to navigate and assess effectiveness is to create a framework for understanding a vendor's associated risk to the organization. Teams can develop a system of labels, rules and filters to manage the overall approval process for tiered vendors.

Completion is then mapped in a simple status bar for everyone to see. By utilizing filters such as approved vs. unapproved, or criticality, teams can drill down to the vendors that need attention sooner rather than later. Teams can also use the labeling system to develop requirement rules around regulation, risk tiers and scores.



By utilizing the Risk Impact section, we are able to cater our assessment based on the risk to our organization, and drive certain requirements as part of the review. There are multiple ways to enforce requirements (including labels, breaches, etc.).

Information Business Liaison, Trustmark Companies
