Risk Assessments of Third Party Vendors

The Risk Assessment phase of the Vendor Risk Assessment consists of seven risks that need to be addressed before making a decision.

These steps determine the risk you will assume with the Cloud or Software as a Service Provider that will have significant control over parts or all of your business.

Keep in mind that problems in any of these areas at your CSP or SaaS provider could well impact your business too.

• Financial Risk
• Operational Risk
• Reputational Risk
• Compliance Risk
• Legal Risk
• Disaster Risk
• Cyber Security Risk

Those risks could harm not only the CSP or SaaS provider, but also your business. Some of those potential effects include:

• Glitchy Software
• Poor Customer Service
• Poor Technical Support
• Downtime
• Laggy Performance
• Application Crashes
• Loss of Reputation / Goodwill
• Lost or Stolen Data
• Legal Exposure
• Bankruptcy
• Penalties and Fines
• More Stringent Oversight by Regulatory Agencies
• Total Service Loss during a disaster
• Data Held Hostage in Ransomware Attack

For Downtime, be sure to check the Service Level Agreement (SLA) for the amount of Uptime you are paying for. Most SMBs will be fine with 99.99% Uptime, which equals 52 minutes of downtime per YEAR, respectively.

For more information about performing a VRA on Cloud and SaaS vendors, grab your FREE copy of our e-Book, "Find Your Cloud 9's", which offers a mini-guide to the VRA process. 

To set up a Reference Interview on the questions you have about investing in new technology for your business, contact me at 302-537-4198, ericm@edminfopro.com or on our Contact form.