cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
bspicer
Newcomer I

Third Party/Vendor Risk Assessment

We currently require our third parties to complete an Excel questionnaire as well as supply additional information for review.   I'm researching vendors that have services online where third parties can complete questionnaires online and upload required information.

 

Curious if anyone on here can recommend a service that is working out well.

 

Thanks much.

5 Replies
tmekelburg1
Contributor II

Re: Third Party/Vendor Risk Assessment

Edit: I believe I misinterpreted your post with my original reply. My apologies!

Knowbe4 has a GRC platform that can do that. It will send the questionnaire via email to the vendor and will auto save in the system when finished. It can even send on a predetermined schedule for convenience.
AppDefects
Community Champion

Re: Third Party/Vendor Risk Assessment

Excel saves the day again! We would not be able to do security assessments with out it 😉

Re: Third Party/Vendor Risk Assessment

Hi,

We use a tool called Whistic to do our vendor risk assessments. Link - https://www.whistic.com/
They are not great but not bad either and they help reduce dependence on excel sheets by a lot.
joeadu
Viewer II

Re: Third Party/Vendor Risk Assessment

I’ve had a good experience with Aptible. Their GRC product has a new 3rd party assessment tool that comes with some built-in questions or you can have them upload your own questionnaire (e.g. from Excel). It allows you to assign a risk rating to each question and then to the overall assessment. The assessment can then be tied to the vendor record in their vendor management module.
canLG0501
Newcomer III

Re: Third Party/Vendor Risk Assessment

The benefits of an Excel spreadsheet are undeniable.  Security Scorecard's Atlas allows you to leverage ratings while tracking the questionnaire responses.  Presenting benefits that outweigh the spend added to being able to automate the overall process may help to convince executive management.