Vendor Assessment
How do we know which third-party vendors to do business with?
Run several kinds of assessment on them, in effect testing them:
- Penetration Testing
- Right to Audit Clause
- Proof of Internal Audits
- Independent Assessments
- Supply Chain Analysis
Audits and Assessments
If organizations don't comply with government requirements for internal assessments (for things like PCI DSS and others), you probably shouldn't do business with them.
- Internal Compliance Assessments
- Audit Committees
- Self-Assessments