Vendor risk is where good intentions go to die in a spreadsheet. This week on Get NIST-y, we're tackling some user questions about third-party risk management (TPRM).
Question 1: How do companies actually run supplier and third-party risk assessments today, and what makes the process 10x easier?
Question 2: We have policies but nobody reads them. How do you get attestations done and track it without manual babysitting? Want to get your own questions answered? Head on over to https://blacksmithinfosec.com/ask