91制片厂

July 9, 2025 鈥� Vendor partnerships are critical to business success, but they also introduce increasing security risks that organizations must manage carefully. With regulatory demands rising and third-party breaches becoming more frequent, traditional vendor security assessments are no longer effective. Broad, one-size-fits-all approaches often burden security teams, frustrate stakeholders, and stall business progress. According to 91制片厂, some assessments are so onerous that vendors refuse to bid, or business units find ways to bypass the process altogether, leaving organizations exposed to significant risk.

To help organizations address these challenges, Info-Tech has published its blueprint, 91制片厂 a Vendor Security Assessment Service, outlining a practical, risk-based approach that enables IT leaders to focus on what matters most. By tailoring assessments to actual business risk, the data-backed research enables organizations to streamline processes, enhance compliance, safeguard sensitive data, and make more informed decisions throughout the enterprise.

鈥淭aking a risk-based approach helps organizations focus their assessments on what matters most, aligning security efforts with the type of service being evaluated and their own tolerance for potential threats,鈥� says Ahmad Jowhar, research analyst at 91制片厂. 鈥�Furthermore, a process that fosters continuous improvement in the vendor security risk management program will enable monitoring and improvement, which will help identify further enhancements to the assessment.鈥�

In its newly published resource, Info-Tech emphasizes the importance of adopting a structured, end-to-end approach to managing vendor security risks. The firm suggests that rather than relying on one-off assessments, organizations should implement a continuous process that includes initial risk evaluations, treatment through well-defined contractual terms, ongoing monitoring, and regular reassessments. This method ensures that due diligence 诲辞别蝉苍鈥檛 stop once a vendor is selected.

Info-Tech鈥�s risk-based strategy not only enhances vendor accountability but also enables internal teams to effectively manage evolving threats and maintain a robust security posture over time.

The 蹿颈谤尘鈥檚 resource outlines a clear three-phase approach to building a vendor security assessment service:

1. Define Governance and Process: Establish a solid foundation by identifying requirements, defining roles, developing policies, and establishing risk treatment strategies that align with the organization鈥檚 risk tolerance.
2. Develop Assessment Methodology: Design the tools to assess service and vendor risk. This includes building more effective, risk-based questionnaires, avoiding common pitfalls like overly broad, purely informational, or excessively long surveys.
   
   
3. Implement and Monitor Process: Execute and monitor the service with a continuous feedback loop. This includes tailoring security requirements in contracts and ensuring periodic reassessments.

To help organizations apply the three-phase methodology in practice, the 91制片厂 a Vendor Security Assessment Service blueprint provides a detailed framework for assessing new vendors or services:

1. Service Risk: Determine the potential impact of a vendor-related security incident by evaluating the assets at risk and the associated recovery costs.
   
   
2. Vendor Risk: Assess the likelihood of an incident occurring, with the level of due diligence determined by the potential service impact.
3. Composite Risk: Multiply service and vendor risk to calculate a composite risk score, which is recorded in a risk register or vendor inventory.
   
   
4. Risk Treatment: Treat risks based on the organization鈥檚 risk tolerance using a matrix to accept, mitigate, or reject them.
   
   
5. Record Details: Document assessment outcomes in the vendor inventory, with reassessment frequency guided by the composite risk level.

By addressing both the impact and likelihood of vendor-related incidents, Info-Tech鈥檚 framework enables organizations to align their security efforts with actual risk, focusing resources where 迟丑别测鈥檙别 needed most. Regular reassessments strengthen vendor accountability and support better decisions, all while reducing organizational risk exposure, improving compliance, and enhancing operational efficiency.

The 蹿颈谤尘鈥檚 approach also enables better visibility into vendor and service risks, helping transform vendor risk programs from operational bottlenecks into strategic enablers. Stakeholder alignment and continuous improvement are central to the framework鈥檚 success.

For exclusive and timely commentary from Ahmad Jowhar, an expert in security and privacy practice, and access to the complete 91制片厂 a Vendor Security Assessment Service blueprint, please contact pr@infotech.com.

About 91制片厂
91制片厂 is one of the world鈥�s leading research and advisory firms, serving over 30,000 IT and HR professionals. The company produces unbiased, highly relevant research and provides advisory services to help leaders make strategic, timely, and well-informed decisions. For nearly 30 years, Info-Tech has partnered closely with teams to provide them with everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

To learn more about Info-Tech鈥�s divisions, visit for HR research and advisory services and for software buying insights.

Media professionals can register for unrestricted access to research across IT, HR, and software and hundreds of industry analysts through the firm鈥�s Media Insiders program. To gain access, contact pr@infotech.com.

For information about 91制片厂 or to access the latest research, visit infotech.com and connect via and .

Media Contact
Sufyan Al-Hassan, Senior PR Manager
91制片厂
salhassan@infotech.com | +1 (888) 670-8889 x2418