Collaboration and leveraging the skills of others are key aspects of growing a business. Companies worldwide are using the expertise, products, and services of other companies to enhance their core competencies. But entrusting another company (a vendor) to provide a service is not cut and dry. What if a vendor’s reputation is questionable? What if a vendor is a financial risk or has had their internal system breached before? These are all questions that should be answered prior to exposing a vendor with your company’s most valued assets. As technology begins to expand there is a need for placing increased importance on Vendor Security Management (VSM) instead of simply focusing on the vendor’s performance.
What is Vendor Security Management?
VSM is taking a proactive step in identifying and decreasing potential uncertainties and liabilities in regards to hiring 3rd party vendors for IT products and services. VSM is important because merging two or more corporate ideologies is very risky and should be handled with caution. VSM should be a top-down approach in which the Chief Information Security Officer (CISO) takes the responsibility to add this component to the vision and strategy of the company.
How does Archer handle Vendor Security Management?
Archer’s solution to VSM gives you the power to automate and streamline the continuing oversight of vendor relationships by facilitating various activities including Risk-based vendor selection, relationship management, and compliance monitoring. Archer also has seven risk categories that will provide any organization with a broadened and more in-depth perspective of the security an engagement presents. Categories include Compliance/litigation risk, financial risk, information security, reputation risk, resiliency risk, strategic risk, sustainability risk. The benefit of Archer’s solution is that it proactively breaks down VSM into manageable pieces in which each company can focus on the category that it finds most important.
What if Vendor Security Management is neglected?
Performance is not everything. A third party vendor may provide excellent service but be at high risk of a security breach. Also, maintaining a successful company means having a strong future vision in mind and being mindful of the risks presented in an engagement. Neglecting VSM could be very detrimental to customers and employees, as many stories in today’s news will report. For example, the company, Assisted Living Concepts, used a third-party payroll and HR management provider by the name of Ultimate Software (also referred to as UltiPro Services). In December 2013 Ultimate Software was breached and over 43,000 former and current employee records were stolen and used for tax fraud. Upon investigation from the IRS and the FBI it was noted that if Ultimate Software had two-factor authentication enabled for their employee accounts, the breach of their system could have been prevented. If Assisted Living Concepts knew this bit of information beforehand they may have made a different decision in choosing a vendor to provide payroll and HR management services.
Systems security breaches have been documented to cost hundreds of millions of dollars depending on the magnitude of the breach and the size of the company. Although you have the ability to recover from a breach, it will be an uphill battle to gain new customers and retain customers due to the lack of trust. Systems security breaches negatively affect current and future profits.
Why is Archer’s Vendor Security Management for you?
Investing in Archer’s Vendor Management solution instantly increases the transparency of potential vendors. Having knowledge of vendors better equips any company to make informed decisions that impact people’s lives on a daily basis.
CyberSheath understands that a “one-size-fits-all” approach doesn’t work when designing your security. We operate on four basic principles in delivering a differentiated service. First, we begin each VSM project with due diligence to gain an understanding of your business. Second, we model the assessment process based on your business complexity and resource constraints. Next, we develop a VSM solution that ensures your future security state is measurable and sustainable. Lastly, we collaborate with your business stakeholders and technical experts and directly assist in the implementation of your Vendor Security Management program. CyberSheath is built on strong security principles that we intend to bring to your business in a pragmatic and effective way.