Description
Annual security assessment of critical third-party vendors and service providers.
Requirements
- Identify critical vendors
- Send security questionnaires
- Review vendor SOC 2 reports
- Assess vendor risk levels
- Document remediation requirements
Applicable To
All Organizations with Third-Party Dependencies
Penalty Information
⚠ Required by SOC 2, ISO 27001, NIST, and most compliance frameworks.