Are you attempting to do security or compliance, either from a vendor management or vendor’s point of view? These tasks don’t have to be an either/or proposition.
For the vendor-managers: It’s possible to reduce the effort of your security surveys while separating the good, struggling and ugly (without having to be the Man with No Name…) For the vendors, especially at smaller shops: It’s possible to do ‘good enough’ security and compliance within a budget and document it, too.
Examples of how to do it and how not to do it will be given.