Defense in Depth

What's the Most Efficient Way to Rate Third Party Vendors?

Jul 3, 2025
Steve Knight, former CISO at Hyundai Capital America and a seasoned expert in third-party risk management, dives into the art of evaluating vendors. He emphasizes the importance of tailored assessments and moving past mere compliance metrics. The conversation highlights the balance needed between trust and rigorous vetting, and how interpersonal relationships can enhance vendor evaluations. Knight also champions the integration of Third Party Risk Management as a vital element of an organization's digital immune system, making it more than just a box-checking exercise.
INSIGHT

Vendor Risk Is Highly Contextual

  • Third-party risk varies based on each vendor's role and integration with your organization.
  • Tailor risk assessment depth to the nature of the vendor relationship and operational impact.

ADVICE

Filter Vendors by Data Tier

  • Tier vendors by the data they process to focus assessment efforts.
  • Use checklists to train teams on key assessment failure points early.

ANECDOTE

Vendor Integration Time Varies

  • Trustworthy vendors with SOC 2 reports and mature programs onboard quickly.
  • Those lacking these often require much more time and deeper questioning.