Expanding our global footprint with Ian Thornton Trump as our first CISO in the UK LEARN MORE >

Services

We’re a selected team of skilled cybersecurity professionals who work as an extension of your IT staff, as well as best-in-class technology to add an additional layer of protection to your organization.

View our Managed Services
Ask About Our Outsourced Cybersecurity Program

Our comprehensive outsourced cybersecurity program leverages advanced technology and expert professionals to enhance your security without the need for in-house capabilities.
 

Learn more

Partners

We collaborate with best in the business to ensure our customers receive the highest levels of care and support. These trusted relationships allow us to better serve and educate our customers.

Regional Partner of the Year Award

Partner of the Year Award

Why Inversion6

With an abundance of solutions and providers, the task of choosing the right option is critical and can sometimes be overwhelming.

industry validation

"Thanks to Inversion6, we now have an established protocol and response procedure whenever incidents are detected. Now, we are able to act immediately to prevent a security event from becoming a larger incident."

Read Full Story

Resources

Our experts are thought leaders in the cybersecurity space. From blogs to publications and webinars, check out these resources to learn more about what’s trending in our industry and how you can stay ahead.

Why Cybersecurity Should Be Driving Your Enterprise Risk Management Strategy

By Christopher Prewitt

Read Article
Latest Inversion6 Press

CISO Craig Burland’s latest byline in Cyber Defense Magazine discusses the importance of accountability in cybersecurity.

View Story
June 18, 2019
By: Inversion6

Six Vendor Management Best Practices for Successful Third Party Relationships

Inversion6 provides expert CISO security services, network solutions, security products, and storage solutions. Put your technology to work with Inversion6.


Be Proactive with Vendor Management — Not Reactive

If you’re a company that uses a third party for an information security-related function within your business (and with nearly 77 percent of companies using at least one, it’s likely that you are), then you’re aware of the obligation you have to protect your customers’ data as well as your own. It’s not just a good business decision — it’s quickly becoming the law. More and more U.S. states are hopping on the GDPR train, developing and quickly implementing their own consumer privacy acts and legislation.

And while privacy and security are absolutes, you still have a business to run. It can be difficult to keep up with all of the new requirements and policies being put into place, especially when you’re trying to both keep your customers happy as well as find new technology solutions that make your internal workflow easier and more efficient.

It’s because of this that many companies defer to vendor management questionnaires that have already been developed, even though they may not cover questions that are critical to their operations (or ask questions that have no connection whatsoever). Not only is this practice putting your organization in harm’s way, but it’s also putting your customers in harm’s way, too. Reviewing vendors against criteria that isn’t specific to your business doesn’t help you or give you a good understanding of the vendor.

Let’s take a look at six vendor management best practices that companies who are looking to hire third parties for technology or information security support, can use to save time and make the process more efficient overall.

1. Scoping

Say you’re looking for Cloud-based storage. Great! This saves your company on servers and other storage solutions by outsourcing. But there are literally hundreds to choose from. Is it really worth your time to build a list and have a vendor manager send his or her questionnaire to all of them? No. 

Scoping helps to define the type of vendor that you need based on the services that you’re looking for. Business leaders should be engaged in this process with the guidance of IT and information security teams. In this example, how your data is stored and is accessed matters. Understanding how a vendor does that (ahead of issuing a more detailed questionnaire) will help you know if this vendor is a good fit.

2. Discussion

Our next vendor management best practice is simply the art of talking. The vendor management process cannot and should not be a paper trail or email chain. Meaningful conversations need to take place within your organization and with the vendors you’ve identified through the scoping process. By properly scoping prospective vendors, you’ll have a better idea of who you could be working with. From there, they should be discussed internally, with any red flags, concerns, or specific questions being determined prior to a questionnaire being issued.

3. Collaboration

Communicating internally and upfront with your vendor(s) early on in the process is important, but as you get further along, additional risks or concerns may arise that you previously weren’t aware of. Just because something unexpected arises doesn’t mean the vendor should be eliminated from the running or terminated. Collaborate with your vendor. Understand why they do things the way they do. There may be a reason. They may be required to handle information a certain way as part of their business model.

4. Integration

We don’t mean the technology kind of integration. We mean the people kind. If you’re in vendor management or IT, and another internal team or department needs a vendor, it will be extremely valuable to get involved as early as possible. Understand why they need a vendor. Is there another company already approved whose engagement could be expanded? If a new vendor is necessary, work with that department on what the ideal vendor looks like. Use this to refine your search (scoping) as well as your process.

5. Automation

Once a vendor is selected and engaged, one of the most efficient vendor management best practices you can implement is automation. This makes the process going forward for you, the department in need, and the selected vendor. What systems do you have in place to help with this? Consider the tooling you have available, and work with IT to understand capabilities. If you have a vendor management platform in place, set up the necessary steps, checks, processes, and so on within it to make your life easier.

6. Validation

Ultimately, the worst thing you can do is to identify a vendor, engage them, and then forget about them. Falling into this trap is far too easy. People get busy and forget to check on the work a vendor is doing — until it’s too late and something important has fallen through the cracks. What is your system for auditing like? Is the vendor able to audit themselves (and should they)? Will on-site reviews be needed? When you receive the initial questionnaire back early on in the process, is it worth following up on it later to ensure the answers are still valid and accurate based on what’s been done.

Expert Support for Expert Solutions

At Inversion6, we believe in partnership. Our chief information security officers work closely with your organization across multiple departments and levels to ensure vendor management best practices are being followed for the best information security results. More importantly, we help companies become more secure internally first prior to sharing or accepting data from third parties — all as part of a greater, long-term information security strategy. 

Fill out the form below to learn more about our CISOs and how we can help you.
 

Post Written By: Inversion6
Inversion6 and our team of CISOs are experts in information security, storage, and networking solutions. We work alongside your team to implement technology solutions that are smart, flexible, and customized to fit your needs.

Related Blog Posts

Let's TALK

Our team of experts in information security, storage, and networking works alongside your team to implement technology solutions that are smart, flexible, and customized to fit your needs. Ready to learn how we can help strengthen your technology environment? Fill out the form below to get started.

TALK TO AN EXPERT