New Common Vendor Assessments Validate Supplier Cyber Security
Information Shield announces new Vendor Assessment Library and Supplier Cyber Risk Automation
SUGARLAND, TEXAS, UNITED STATES, February 22, 2024 /EINPresswire.com/ — Information Shield today announced the release of the Common Vendor Assessments (CVA)™. This new program and set of cyber assessments dramatically simplifies the process of evaluating the cyber security posture of third parties. Unlike other complex solutions with hundreds of questions in complex spreadsheets, the Common Vendor Assessments can streamline cyber validation based on controls that are appropriate for smaller and medium-sized companies.
“Current methods of validating third party security are costly and inconsistent,” said David Lineman, President of Information Shield. “All common cyber laws and frameworks (ISO 27002, HIPAA, FTC, SEC, CMMC) require validation of third-party risk. Yet we see many companies struggling to answer large 200+ question ‘assessments’ that are often total overkill for the business being assessed. We created the Common Vendor Assessments to dramatically simplify the process of vendor validation while producing more robust, consistent results.”
Managing Third Party Cyber Risks
Businesses are facing a common problem across all industries: how can we validate the cyber risk of vendors and suppliers? Today’s validation methods are costly and slow. For example, SOC 2 reports and ISO 27001 certification can take months of effort and cost tens of thousands of dollars. The Shared Assessments and other frameworks are complex. This dramatically slows down the vendor evaluation process. It is especially challenging when many vendors are small and medium-sized businesses that do not have the resources to complete large assessments.
Advantages of the Common Vendor Assessments (CVA)
Using the Common Vendor Assessments can dramatically reduce the cost of vendor risk management and produce more meaningful results. These are just a few of the advantages of the new assessment system versus traditional methods:
1. Business-Appropriate Assessments – Assessments are designed to better match the size, scope and type of organization being assessed (for example, SaaS, Virtual, privacy)
2. More Robust Results – The Common Vendor Assessments are designed to enable vendors to actually complete the cyber risk assessment with quality answers. Vendors can easily use the answers and evidence from one assessment to answer those of other Customers.
3. Regulatory Control Mappings – All assessment questions are mapped to the Common Control Library, which carries multiple regulatory mappings.
4. Vendor Assessment Automation – Assessments are automated via the Compliance Shield platform, dramatically reducing the cost of distributing and tracking cyber assessments.
5. FREE with ComplianceShield – The CVAs are included within the Compliance Shield software license. No need to pay for separate licenses.
The Common Vendor Assessments are included as part of the Vendor Risk Management features of the Compliance Shield cyber automation platform. The Vendor Risk Management process is also supported by pre-written security policies and procedures, directly linking VRM functions to regulatory controls.
Directly Supports the Cyber Certification
Vendor organizations that pass the CORE Cyber Assessments can save thousands of dollars validating their program with the Information Shield Certification. The current “state of the art” for validating information security is the SSAE 18 SOC audit, which is very complex, typically runs from $25K to $100K, and does not scale well for small and medium-sized businesses. Organizations that pass the CORE Cyber Certification assessment are ready for a third-party audit. Using the Common Vendor Assessments and the Cyber Certification, organizations can save thousands of dollars and months of effort.
Vendor Risk Management in Compliance Shield
The Common Vendor Assessments are included within the Compliance Shield Enterprise license. Compliance Shield helps automate the entire Vendor Risk Management process, including the security policies and procedures that document the vendor management process. Vendor risk management functions are tied directly to Common Controls that are mapped to multiple regulatory frameworks including ISO 27002, NIST CSF, CMMC, HIPAA and others.
Other key features of Compliance Shield that support vendor risk management:
1. Vendor Risk Management Automation
2. Vendor Cyber Risk Scoring
3. Vendor Risk Security Policy Development and Management
4. Vendor Incident Response and Tracking
5. Vendor Security Awareness Training
A free trial of ComplianceShield is available by registering at the Information Shield web site.
David Lineman
Information Shield
+1 713-443-8428