Vendor Compliance Assessment FAQs
How much does a vendor compliance assessment cost?
Pricing for a risk assessment depends on scoping factors, including business applications, technology platforms, physical locations, the number of third parties that you are auditing, and whether the assessment is combined with any other audits.
How often does a vendor compliance assessment need to be performed?
The industry standard is to perform a vendor compliance assessment annually, when significant changes are made that will impact the control environment, or when you begin or end a relationship with a vendor. Any frequency less than that typically indicates that the organization has not been properly mitigating vendor risk.
What are some examples of controls that are assessed during a vendor compliance assessment?
During a vendor compliance assessment, controls related to asset management, physical and environmental security, access control, incident response, and other information security controls are reviewed and tested.