AI Checklist Generator, from the makers of Manifestly Checklists
vendor security
1. Vendor Assessment
Identify potential vendors and their services.
Conduct background checks on the vendor's reputation and financial stability.
Review vendor's security certifications (e.g., ISO 27001, SOC 2).
Assess vendor's experience with similar clients and industries.
2. Security Policies and Procedures
Request documentation of the vendor's security policies.
Review the vendor’s data protection measures and protocols.
Confirm the existence of an incident response plan.
Evaluate the vendor's compliance with relevant regulations (e.g., GDPR, HIPAA).
3. Data Handling and Privacy
Clarify the types of data the vendor will have access to.
Assess how the vendor handles data encryption and storage.
Verify the vendor's data retention and deletion policies.
Ensure the vendor has a clear privacy policy in place.
4. Access Control
Evaluate the vendor's access control measures for employees.
Determine how the vendor manages user permissions and authentication.
Confirm the implementation of multi-factor authentication (MFA).
Assess the process for onboarding and offboarding vendor personnel.
5. Third-party Risk Management
Investigate the vendor's own third-party relationships.
Assess how the vendor evaluates the security of its subcontractors.
Request information on any third-party audits conducted.
Evaluate the vendor's approach to managing third-party risks.
6. Ongoing Monitoring and Review
Establish a schedule for regular security assessments of the vendor.
Determine how the vendor reports security incidents or breaches.
Assess the vendor's performance against agreed-upon security metrics.
Ensure continuous communication regarding security updates and changes.
7. Contractual Agreements
Review and negotiate security clauses in the vendor contract.
Include terms for liability and responsibilities in case of a data breach.
Ensure the contract specifies security audit rights.
Confirm the presence of termination clauses related to security concerns.
8. Training and Awareness
Inquire about the vendor's employee security training programs.
Assess the frequency and content of security awareness training.
Confirm that the vendor has protocols for handling security incidents.
Evaluate the vendor's commitment to ongoing security education.