Vendor Risk Management

(powered by Privva)

Your vendors are part of your organization's capabilities -- as well as its cyber risks.  


In the time it will take you to pull together your vendor contracts and contacts, you can engage these important partners in your journey to a cybersecure organization.

We give you the tools to manage the process, or we can do it for you.

curved arrow sketched - left.png
Pick a Survey

What are your standards?


Whether NIST compliance, SOC Lite, CIS Top 20, GDPR, HITRUST or your own special brew, pick the standards important to you, and we'll build your vendor survey.

curved arrow sketched - left.png
List your Vendors

What are your vendor relationships?

Gather up your vendor contracts and contacts.  Create a profile for each one, and include your "cyber" relationship with each.  Do they host your data or documents?  Do you host their software, or are do you use their cloud offering?  Do they have administrative access to your systems?  This information helps us determine the level of cyber risk implicit in your relationship.

curved arrow sketched.png
Send the Invite

Why are you doing this, and when do you need it?

Your vendors are going to get this request from you by email, so let them know why you need it, how important cybersecurity is to your ongoing relationship... and gently let them know you'll be bugging them until you get their response!

curved arrow sketched - left.png
View Vendors Scores

How do they rate relative to your requirements?

Based on each vendor's response, we automatically generate a weighted score (and you can customize the weighting and scoring).  You can also dive into the individual responses, and if there is a question or an issue, you can launch a discussion thread right there, allowing you to manage and track vendor submissions from one place. No more spreadsheets and file folders! 

curved arrow sketched.png
Focus Vendors on Your Priorities

What do vendors need to do to comply?

Now that you and your vendors are on the same page regarding cybersecurity risks and readinesss, put it in writing.  We enable you to create a security roadmap, and we generate the security-related terms for your renewal contract.