Repliance

Depending on size, budget, and other factors, a company may wish to take on vendor security questionnaires in-house. We've put together pointers to help you get the right stakeholders, data, and processes in place to handle VSQs successfully. repliance.com/vsqs-101.html

Ever received a VSQ that didn’t apply to your product? Open dialogue with your potential client to better understand their intentions. A lack of thorough responses on your end may inadvertently convey a lack of security controls. It’s better to get ahead & close that deal!

Having a hard time determining what VSQ questions mean? You are not the only one! One thing we consistently hear from clients is the specific skill set needed to handle VSQs. Specifically, the need to interpret nuanced questions. We can help! repliance.com/contact-us.html

In collaboration with Metosin, Repliance developed a system that combines AI and expert knowledge to efficiently and accurately respond to VSQ. Huge thanks to @Repliance1, it's been a joy working with you - let's keep going! metosin.fi/en/references/…

We're excited to announce that Repliance is launching its services to the public! We’ve learned a great deal piloting our services. Getting to know our clients' needs and how the industry has tried to address those needs has been invaluable. bit.ly/3y1Xinh

The best advice for a startup needing to answer vendor #securityquestionnaires is to get ahead on documentation. Don't forget about HR policies. Security questionnaires ask more than just security-related questions! ✍️🗒️ #vendorriskmanagement #thirdpartyriskmanagement #infosec

#securityquestionnaires can be ambiguous. e.g. authentication questions can pertain to either application end-user auth or internal auth to prod environments. They can be two different sets of controls. Consider adding context to questionnaires and get the info you are after!

October is cybersecurity awareness month 🔒 It's a good time to assess your third-party vendors to see how they are reducing risks and if their systems are built with resiliency in mind. Consider regular review ✅☑️ #CybersecurityAwarenessMonth #thirdpartyriskmanagement

Pro-tip Thursday! Consider general legal training for your sales team. Some vendor questionnaires could be legally binding. For example, when your sales team receives questionnaires inquiring about US transfer of personal data, check with your legal team on how to proceed.

Does your startup filter incoming vendor security questionnaires based on opportunity costs? Share some thoughts on the topic! #vendorriskmanagement #thirdpartyriskmanagement #compliance #supplychain #infosec

SOC2 vendor security questions evolved recently from "Does your organization have a SOC2 Type II report" to "Does your SOC2 Type II report note any exceptions". Could this be an industry indicator? 🤔 #thirdpartyriskmanagement #vendorsecurity #securitycompliance

Vendor security questionnaires are typically just part of the sales engagement for B2B transactions. Which parts of the sales engagement do you find most useful from a security standpoint? #thirdpartyriskmanagement #vendorsecurity #corporatesecurity

With the rise of text phishing, add this to your vendor security questionnaire, "Does your security awareness program incorporate training related to email and text phishing security incidents?" #thirdpartyriskmanagement #vendorsecurity #corporatesecurity

Last of the #SecurityPolicyProTips for the week! Get everyone involved: ✅ Incorporate feedback from your sales team. They hear about security control demands from your customers. ✅ Keep your staff up-to-date on policy changes so everyone understands the goals and implications.

When doing your annual review of your security policies, check for gaps and discrepancies. One good approach is to review the policies against a recently completed vendor security questionnaire. #corporatesecurity #SecurityPolicyProTips

Many organizations use policy templates or generate them using third-party tools. Pro-tip: Review the output to ensure the policies align with your practices and security maturity level. Edit accordingly! #SecurityPolicyProTips #corporatesecurity

Keeping security policies up-to-date is a struggle! Some tips include: ⭐️ delegating ownership to policies so more than one person is responsible for them ⭐️ hosting company sprints to work on those policies ⭐️ automating reminders #SecurityPolicyProTips #corporatesecurity

Happy Monday ☕️ This week we are diving deep into security policies; the good, the bad, & the ugly! How often do you review your security policies? Not only should you review (at min) annually, but also keep a revision history 📝 #SecurityPolicyProTips #corporatesecurity

Keep an answer bank up-to-date, so your team can breeze through vendor security questionnaires and get to enjoy their weekends!

Customers want to know they can reach out to someone if they find a security or privacy issue with your service/product! Have a security@ and privacy@ list that goes to appropriate staff 📧 #thirdpartyriskmanagement #vendorsecurity #corporatesecurity