Is Your Vendor Assessment Process Optimized for a Remote Workforce?

June 29, 2020

For many years, information and data security was a very hands-on process. When data was stored in on-premise hard drives and platforms, InfoSec teams had immediate access to data and the privacy protocols. Systems were hard-wired and accessed on-premise, which left little room for remote threats.


Recognizing the shift to cloud-based security

Over the last decade, the shift to cloud-based data security has loosened the reins a bit. While InfoSec teams now have more flexibility and transparency with the data and tools they’re using, malicious threats have the ability to access this same data remotely. In the last few months, a large portion of the US workforce has shifted to working remotely from home—including InfoSec teams. While data security is in a better place than it was a decade ago, there are still concerns about a fully remote security workflow.


Key factors for a remote vendor assessment process

Monitoring your remote vendor assessments from a centralized office is one thing: you have your VPNs, firewalls, and other security assets firmly in place and verified across the organization. Asking your InfoSec team members to manage this process remotely is another story.

Here are some key factors that contribute to an optimized remote vendor assessment process:

Access to the most updated vendor assessments and questionnaires: New vendor risk assessments and questionnaires are being released all the time, and many are updated frequently as well. Your remote team should have immediate access to the most recent versions of these assessments so there are no gaps. 

A streamlined communication process: Just because your team is working remotely doesn’t mean that communication channels need to disappear. Whether your team works through a productivity solution like Slack or Hangouts or if you have an in-house communication tool, make sure your team is active and engaged when problems arise.

Clear accountability measures: One reason why remote work is concerning for so many InfoSec professionals is that there needs to be clear accountability, which can be hard when people aren’t together. Assigning tasks and follow ups to specific team members can ensure that people are held accountable while apart.

The ability to edit and update profiles without risk: Because risk policies are constantly changing, there has to be some way to remotely edit assessments and profiles without causing issues. By managing all of your vendor assessment details in a single cloud-based location, your team can make updates and edits—and save these changes securely—without worry or concern.


Setting your team up for long-term remote success

Even as some organizations are starting to go back into traditional office environments, many corporations are preparing for long-term remote work policies for employees, including InfoSec teams. One of the best things InfoSec leaders can do at the moment is to equip teams with the tools and solutions they need to securely protect your data—and your vendor’s data—whether at work or at home. Flexibility is key.

Whistic, the proactive vendor security platform, makes it easy to manage remote vendor assessments and security needs without sacrificing compliance or privacy. 

Risk Management information security risk assessment vendor risk management vendor risk assessment infosec remote work

About the author


The latest insights and updates on information security and third party risk management.

Hate security reviews?
Want FREE AirPods?*

Offer valid for any decision-maker/influencer in relation to your company’s third-party risk management strategy. Company size must exceed 100 employees. Exclusions apply. Limit 1 pair per company.