S2Vendor depends on the cooperation of internal personnel called relationship owners to provide basic information on the vendor relationship. This role is important to capturing the scope of the vendor's project/service, which in turn, determines how thoroughly the vendor's information security is assessed. However, the relationship owner cannot be expected to be a vendor risk management expert and a pre-preemptive email to all relationship owners can go a long way to ensuring timely and accurate cooperation. 

We have started a process of assessing the risk of our vendors using a tool called S2Vendor by SecurityStudio®. This will ensure the safety of the information we handle both internally and for our customers. 

You will be receiving a welcome email shortly. Your role in S2Vendor is to complete a short questionnaire that captures 1) the vendor’s contact information and 2) the type of service/project the vendor does for our organization. Next year, you will be asked if there are any changes. Over time, this will ensure we always maintain accurate and up to date information on our vendor relationships. 

We ask that you take this responsibility seriously. Regulations require that we take the utmost care in protecting our customer’s information, and the information you provide helps us determine how much care we take in assessing a particular vendor’s security programs. Statistics vary but a recent survey by Soha Systems places the percentage of all data breaches linked directly or indirectly to third-party access at 63 percent!

Please help us minimize the opportunity for an incident by completing your questionnaire promptly. 

Feel free to reach out if you have any questions about our new vendor risk management process.

Thanks,