November 3, 2016 - 4:55pm
#1
I am wondering how everyone handles risk assessments for new vendors. I am wondering if I should have 2, one at a "high level" that weeds out the ones that don't have access to member data or will not affect day to day operations and are easily replaced. The second one that is more indepth and determines risk exposure etc.
Any feedback is appreciated.
Also, if anyone is willing to share their risk assessment I would be happy to share mine as well.
Thanks
