When it comes to good security practices, compliance and documented policies require a top-to-bottom effort from management, operations, human resources, and the IT team. After all, the right security practices and solutions can be created and when a business can prove that solid policies and practices are in place, it provides peace of mind to its clients, partners, and auditors.
So, let's start from the beginning.
What do Vendor Management Packages have to do with a business' reputation?
No matter the specific line of business, it has become imperative to use various best-practice frameworks and compliance requirements to dictate an Information Security Policy. An Information Security Policy is often included in what businesses call Vendor Management Packets. Vendor Management Packets are often provided to prospective clients and/or those interested in partnering with a company. These packets, in addition to an Information Security Policy, often include:
- A reciprocal nondisclosure agreement
- Financial Statement or Annual Report
- Business Continuity Plan
- Industry Certification (such as a SOC 2 report)
As stated by the FFIEC1, an organization “should establish and maintain effective vendor and third party management programs…and ensure adequate due diligence for the engagement of these relationships and ongoing monitoring.”
I see the advantage of this approach every day on the front lines of new business partnerships. Organizations value the fact that, for over a decade, Systems Engineering has offered a Vendor Management Packet to our professional partners and prospective clients. Their eyebrows raise a little bit and you can see them thinking, “I want one of those.”
Test it out!
Include a section on Security Policy documentation in your next RFP and require the same of your business partners; ask for their Vendor Management Packet to see how organized and secure their business practices are. You might be surprised what you learn and how it affects the conversation and your business decisions.
You have an incredible opportunity to differentiate the value of your business by demonstrating to a prospective partner or client that you understand and have dedicated appropriate measures towards ensuring sound and secure policies and practices. It will always be the case that TRUST is fundamental to effective business relationships. In today’s technology-driven business world, an effective and mature approach is crucial to establishing these trusted partnerships.
Channing Arndt is a Business Development Manager at Systems Engineering, focused on partnering with businesses to create and design secure and streamlined network infrastructures.
1FFIEC IT Examination HandBook: Vendor and Third-Party Management
