Vendor security assessment reference

Based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework, Osano’s Vendor Security Assessment allows users to understand an organization’s current cybersecurity posture, to assess vulnerabilities, and to understand what measures may be necessary to mitigate them. Respondents answer questions about their organization’s ability to identify and detect cybersecurity threats and how they respond to and protect against such threats. In conjunction with the Vendor Privacy Assessment, it allows users to get a fuller understanding of the risks working with vendors may entail.

Identification. Respondents will describe the cybersecurity structures in place at their organization including relevant policies, procedures, roles, and certifications. They will also provide details on how cybersecurity vulnerabilities are identified, evaluated, and prioritized.

Protection. In this section respondents will detail measures and policies in place at their organizations to protect data from threats. 

Detection. This section provides information about programs to detect vulnerabilities and cybersecurity events.

Response. In this section respondents detail the procedures in place to respond to and learn from cybersecurity incidents.