Organizations today rely on hundreds, if not thousands, of vendors, third-party service providers (TSPs) and consultants to run their business. Often, these third-party vendors have access to sensitive customer information. With security compromises increasingly making headlines in recent years, it is not surprising that most industries now require vendors to abide not only by their internal corporate standards but also by federal and industry regulations surrounding privacy and security.
In fact, compliance regulations such as HIPAA, GLBA, PCI, SOX and others already mandate that corporate controls extend to third-party providers and require organizations to perform regular and ongoing vendor risk assessments as part of the compliance process.
Rsam for Vendor Risk Management
Rsam is a web-based software solution that makes even the most challenging enterprise vendor risk assessment manageable. Rsam helps organizations automate the vendor risk assessment, collaboration and review process, tracking each step along the way. Personalized, role-based dashboards monitor progress, and real-time, actionable reports provide visibility and help monitor compliance and identify issues and remediation efforts. Customers can also leverage Rsam's offline data gathering capability to capture vendor assessment data.
Rsam's unique object-oriented framework allows organizations to record and organize all the risk management data around a specific vendor, including findings from assessments, audits, contracts, SLAs, vendor financial information, incidents involving the vendor, findings from any vulnerability scans or penetration tests, and any other critical finding related to that vendor.
Deployment Options for Rsam Vendor Risk
Rsam provides several deployment options for automating the vendor risk management process. All deployment options can leverage the Rsam offline data gathering capabilities. Options include:
Access BITS Shared Assessments Content within Rsam
Rsam integrated the Standard Information Gathering Questionnaire (SIG) content for vendor assessments with the Rsam Platform. Organizations can access the Shared Assessments controls within Rsam while taking advantage of Rsam's feature-rich technology and methodology. The Shared Assessments Control Template comes pre-mapped to other available control templates within Rsam, enabling customers to choose the control sections or domains most relevant to their environment. Customers can also add or import their existing content using the Rsam universal import engine.