Systematically evaluate vendor risk across security controls, data protection, business continuity, compliance, and supply chain. Check off items as you assess each vendor.
Assess vendors before onboarding, at contract renewal, annually for critical vendors, and after any security incident involving the vendor. Also reassess when the vendor's services or your usage changes significantly.
The main categories of vendor risk are security risk (data breaches, vulnerabilities), compliance risk (regulatory violations), operational risk (service disruptions), and reputational risk (vendor controversies affecting your brand).
Prioritize vendors for assessment based on data sensitivity (vendors with access to personal or confidential data), business criticality (vendors whose outage would stop your operations), and integration depth (vendors connected to your core systems).
Manual assessments are point-in-time. Coax continuously monitors your vendors' security posture and alerts you to changes.