Vendor Risk Scorecards
Board-friendly, examiner-approved Red/Yellow/Green vendor risk scorecards and recommendations
We’ve been measuring and mitigating vendor risks for 14 years. We learned a long time ago how important it is to communicate your vendor risks and mitigation steps to your Board. We also know how difficult it is to communicate highly technical issues to Board members who have little background in technology or information security.
Six years ago we introduced our Board-friendly vendor risk scorecards, which summarize our comprehensive vendor risk reviews and vendor risk mitigation recommendations. Using a powerful vendor risk management methodology and scoring system, we convert your unique vendor risk areas into a 0-100 scale (vRisk™ scores) with red, yellow and green indicators and present them in a simple, one-page report. Board members may not know which audit controls should be included in your vendors’ SSAE 16 reports, but they do know to ask a lot of questions about vendors that score in the yellow or red.
1,200 vendor risk scorecards later, our vRisk™ scores and red/yellow/green indicators have become the industry standard for vendor management Board reporting. Now that lack of effective Board oversight and reporting is the third most common matter requiring attention (MRA) in vendor management exams, you might want to see what everyone is talking about.
- Helps you satisfy the FFIEC requirement for Board-level visibility with one-page, non-technical red/yellow/green risk reports on your critical vendors
- Includes and summarizes our vendor financial risk review, vendor SSAE 16 review, vendor business continuity plan and test results review and vendor contract risk review.
- Above and beyond. In addition to our reviews, we create a vendor risk action plan that turns our recommendations into execution tasks with dates and responsibilities.
- Examiner-approved. Our vendor scorecards and the methodology, reviews and scoring behind them have been approved by every regulatory agency.
So, What Makes Us Different?
DO IT FOR ME
Let us gather your vendors’ due diligence documents, review them, score them and make risk mitigation improvement recommendations, so you can focus your time on making the best business decisions from our recommendations.
PENETRATING VENDOR INSIGHTS
We are in the vendor evaluation business, so we are evaluating all aspects of the major vendors every day. Not only do we review vendor financials and attend vendor earnings calls, but we meet with vendor executives every Friday to get product, company and security updates. We track vendor wins and losses, monitor changes in market share, evaluate their products and know about problems before they’re public.
Many competing vendor management software and services are actually resold by your moderate to high risk vendors.
This means they will only share publicly available information. We, on the other hand, are Gonzo and share non-public vendor dirt every day, all day.
Learn More About Our Vendor Due Diligence Document Collection Services
Schedule a time to talk with one of our Vendor Management Consultants or, if you’re ready, request a custom pricing proposal