.gif?width=1920&name=Sample-Graphic-Animation%20(1).gif)
Available on
Podcast Transcript
In this 90-second podcast, we’re going talk about how vendor questionnaires and vendor assessments differ.
At Venminder, we have a team of certified industry experts who specialize in developing comprehensive risk questionnaires as well as assessing risk for organizations of all sizes and all industries.
Often, “questionnaire” and “assessment” are used interchangeably; however, when it comes to third-party risk management, they are not one in the same.
You may be wondering why. Here’s the main difference:
A vendor questionnaire is a series of questions used to help with evaluating or assessing overall risk. Questionnaires are a central part of due diligence and ongoing monitoring. Your questionnaires will inform your risk assessments.
A vendor assessment is taking the information from the questionnaire, analyzing your vendor’s responses and calculating the overall risk the vendor, product or service brings to your organization.
This is because to properly assess those risks, vendors must fill out the questionnaire to answer critical questions such as:
- What due diligence is performed on your contractors?
- Is there a formal business continuity and disaster recovery plan in place?
- Do you have an active pandemic plan?
- Describe your information security program?
- How is retired digital media disposed of?
- Are employees and contractors required to attend security training?
So, there you have it: in a nutshell, a questionnaire is a component of an overall risk assessment for each vendor. Simply filling out a questionnaire does not suffice.
Thanks for tuning in; catch you next time!
