https://community.isc2.org/t5/Governance-Risk-Compliance/Third-Party-Vendor-Risk-Assessment/m-p/43413#M316 I’ve had a good experience with Aptible. Their GRC product has a new 3rd party assessment tool that comes with some built-in questions or you can have them upload your own questionnaire (e.g. from Excel). It allows you to assign a risk rating to each question and then to the overall assessment. The assessment can then be tied to the vendor record in their vendor management module. Thu, 18 Feb 2021 13:22:29 GMT joeadu 2021-02-18T13:22:29Z https://community.isc2.org/t5/Governance-Risk-Compliance/Third-Party-Vendor-Risk-Assessment/m-p/43384#M307 <P>We currently require our third parties to complete an Excel questionnaire as well as supply additional information for review.&nbsp;&nbsp; I'm researching vendors that have services online where third parties can complete questionnaires online and upload required information.</P><P>&nbsp;</P><P>Curious if anyone on here can recommend a service that is working out well.</P><P>&nbsp;</P><P>Thanks much.</P> Mon, 09 Oct 2023 09:48:10 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Third-Party-Vendor-Risk-Assessment/m-p/43384#M307 bspicer 2023-10-09T09:48:10Z https://community.isc2.org/t5/Governance-Risk-Compliance/Third-Party-Vendor-Risk-Assessment/m-p/43389#M310 Edit: I believe I misinterpreted your post with my original reply. My apologies!<BR /><BR />Knowbe4 has a GRC platform that can do that. It will send the questionnaire via email to the vendor and will auto save in the system when finished. It can even send on a predetermined schedule for convenience. Thu, 18 Feb 2021 03:22:27 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Third-Party-Vendor-Risk-Assessment/m-p/43389#M310 tmekelburg1 2021-02-18T03:22:27Z https://community.isc2.org/t5/Governance-Risk-Compliance/Third-Party-Vendor-Risk-Assessment/m-p/43400#M313 <P>Excel saves the day again! We would not be able to do security assessments with out it&nbsp;<span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> Thu, 18 Feb 2021 02:40:45 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Third-Party-Vendor-Risk-Assessment/m-p/43400#M313 AppDefects 2021-02-18T02:40:45Z https://community.isc2.org/t5/Governance-Risk-Compliance/Third-Party-Vendor-Risk-Assessment/m-p/43408#M315 Hi,<BR /><BR />We use a tool called Whistic to do our vendor risk assessments. Link - <A href="https://www.whistic.com/" target="_blank">https://www.whistic.com/</A><BR />They are not great but not bad either and they help reduce dependence on excel sheets by a lot. Thu, 18 Feb 2021 11:15:43 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Third-Party-Vendor-Risk-Assessment/m-p/43408#M315 ArjitSrivastava 2021-02-18T11:15:43Z https://community.isc2.org/t5/Governance-Risk-Compliance/Third-Party-Vendor-Risk-Assessment/m-p/43413#M316 I’ve had a good experience with Aptible. Their GRC product has a new 3rd party assessment tool that comes with some built-in questions or you can have them upload your own questionnaire (e.g. from Excel). It allows you to assign a risk rating to each question and then to the overall assessment. The assessment can then be tied to the vendor record in their vendor management module. Thu, 18 Feb 2021 13:22:29 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Third-Party-Vendor-Risk-Assessment/m-p/43413#M316 joeadu 2021-02-18T13:22:29Z https://community.isc2.org/t5/Governance-Risk-Compliance/Third-Party-Vendor-Risk-Assessment/m-p/43432#M320 <P>The benefits of an Excel spreadsheet are undeniable.&nbsp; Security Scorecard's Atlas allows you to leverage ratings while tracking the questionnaire responses.&nbsp; Presenting benefits that outweigh the spend added to being able to automate the overall process may help to convince executive management.</P> Fri, 19 Feb 2021 03:49:40 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Third-Party-Vendor-Risk-Assessment/m-p/43432#M320 canLG0501 2021-02-19T03:49:40Z