Simplifying Third-Party Vendor Risk Assessment

Whether it’s a supplier, a provider, or a partner organization, third-party vendors allow businesses to provide a wide variety of products and services to their customer base. However, when it comes to cybersecurity, the more vendors you share your data with, the higher the risk you face.

Determining what security requirements you should ask of your vendors is one issue. Your vendors, in turn, need to figure out how to accommodate what could be an incredibly wide variety of unique requirements from different customers.

To help resolve this dilemma, a number of market-leading companies, including Google, Slack, Salesforce, and more, have come up with a better way to navigate cybersecurity needs between businesses and vendors. They have proposed that all organizations should adhere to a well-thought-out, clearly defined set of parameters for security. Learn more about the Minimum Viable Secure Product (MVSP) below.

Introducing the Minimum Viable Secure Product (MVSP)

The Minimum Viable Secure Product (MVSP) is a checklist created to ensure that B2B operations are safe and secure for both vendors and businesses. The MVSP was designed to be relatively simple and easy to use. It contains the minimum measures that must be implemented in order to provide reasonable security.

The MVSP draws inspiration from a variety of sources, including the Vendor Security Model Contract (VSMC) from Dropbox, and Google’s Vendor Security Assessment Questionnaire (VSAQ). Since it is a minimum list, businesses handling delicate or sensitive information are advised to take additional security precautions as needed.

When to Use the Minimum Viable Secure Product (MVSP)?

The Minimum Viable Secure Product can be used in a variety of situations where businesses and vendors overlap, including:

  • Requests for Proposals (RFPs). The MVSP offers a streamlined set of expectations that can easily be included in any RFP.
  • Self-Assessments. Small businesses can use the MVSP to assess their own security protocols without the need for substantial compliance audits.
  • Third-party Security. Businesses with multiple vendors may choose to use the MVSP to assess and address the security of their existing vendors.

Who Should Use the Minimum Viable Secure Product (MVSP)?

As the baseline for security for both vendors and businesses, the MVSP can be used by:

  • Compliance teams, to assist with process documentation and team training.
  • Legal teams, as a way to improve efficiency during contract negotiations.
  • Security and procurement teams, as a way to vet and approve vendors.

The Minimum Viable Secure Product (MVSP) checklist includes a wide variety of items, such as having a specific password policy in place, displaying a list of those with access to data on your website, providing training to reduce the risk of vulnerabilities, and many more.

Cybersecurity should be a top priority for any organization, especially for those that work with third-party vendors. The team at BSC Solutions Group is here to help with all your cybersecurity needs, from auditing and assessing your existing setup to addressing any issues with the appropriate practices. Visit our website or call 1-(800)-958-2341 for a free consultation today!