What Vendor Documents Are Needed to Assess Cybersecurity
As part of your third-party risk management program, you should collect and assess vendor cybersecurity documents. However, as you review the cybersecurity information provided, you'll notice that vendors often have a wide assortment of cybersecurity documents available.
Some cybersecurity documents, like SOC reports, are industry standard and will go by the same name at every organization, while other documents may be titled slightly different. To help, this infographic breaks down the types of evidence to collect.
Download the infographic to learn:
- Guidelines to help you understand what should be collected and reviewed for vendor cybersecurity risk
- 3 categories of cybersecurity documents from vendors to review
- Where to find the vendor's cybersecurity information that's needed