You’ve just been tasked with creating a vendor review management process at your company, but what does that even mean, and how are you going to do this? Do you need to buy a lot of expensive GRC software and hire an army of compliance staffers? This talk will explain what a vendor review process is and walk through setting one up at your company, using nothing more complicated than email, text files, and maybe some Slack and Google Forms.
Wendy Knox Everette (@wendyck) is a Senior Security Advisor at Leviathan Security Group. She has more than 15 years of experience as a software developer, software quality assurance engineer, and information security professional. She’s been involved in all aspects of the system development life cycle (SDLC), from requirements definition through implementation and operation, as well as compliance gap analysis and risk assessment. As an information security consultant, she’s guided clients through the creation of risk management programs tailored to fit their size and has extensive experience both sending and receiving vendor security questionnaires.