Your organization needs vendors to outsource tasks, and your vendors need you to grow their business. But what should be a simple business transaction between two parties can be hindered by cybersecurity requirements.
How to Communicate with Vendors
How you communicate with your vendors affects what kind of relationship you’ll have with them. Mutual respect, clear, open communication and reasonable expectations all contribute to better vendor relationships.
Establishing Effective Vendor Management Practices
Perhaps your vendor has an unpatched web server, a CMS vulnerability or another security gap. Whatever the issue, you want to be sure your organization will be secure, so your vendors must be secure as well. For this reason, you need to be able to communicate what needs to be fixed—and to do so clearly and quickly.
But communicating effectively with your vendors about cybersecurity can sometimes be riddled with challenges. Here are five key ways to facilitate the process.
1. Introduce Contacts.
It’s a simple step that can make a lot of difference: Identify the relevant person at your organization who will address your vendor’s security questions, and find out who will be handling security issues from the vendor’s side. Be sure to exchange contact information, including email addresses and phone numbers. If possible, arrange a face-to-face meeting. Clarifying the relevant parties will streamline the communication process considerably.
2. Use Live Chat.
Both you and your vendor want to get down to business quickly, so live chat is an effective way to ask questions and quickly respond to them. A third-party management solution like Panorays provides live chat between organizations and vendors that complete security questionnaires, allowing both parties to respond immediately. In addition, the chat has the added benefit of being auditable, which can help you comply with regulations and standards.
3. Be Clear.
Before sending a security questionnaire, let your vendor know its purpose, and if there are particular standards or thresholds that you expect your vendor to meet. It’s a good idea to send a personal note to the vendor beforehand explaining what the questionnaire is.
In addition, the security questionnaire that you send to your vendors should be easy to understand and complete. After the assessment, provide your vendor with documentation that clearly lists the security tests that were performed, the findings, and instructions for fixing any cyber gaps. Many vendors do not have dedicated security teams, so the documentation should be understandable to non-security personnel as well.
4. Involve Vendors.
Ultimately, improved cybersecurity helps vendors—not only because they can work with you, but because they can work with more customers. So encourage them to close their cyber gaps quickly and to reach out with any questions. It’s a good idea to provide access for your vendors to review their security findings so they have visibility into their cyber gaps and understand how to mitigate them.
5. Be Responsive.
Successful communication is a two-way street. Once your vendors have completed their security questionnaires, be sure to inform them of the results as soon as possible. If they have questions, make sure that your point of contact responds to them quickly. In particular, have a process in place to quickly investigate and remedy false positives.
Rapid responsiveness, vendor involvement, clarity, live chat and points of contact can ensure that you and your vendor start doing business together quickly.
Want to learn how Panorays helps organizations effectively engage with vendors? Contact us today.
Hila Yerushalmy is a Customer Success Manager at Panorays.