Twitter, Dropbox, Uber and several other major tech companies have joined forces and launched the Vendor Security Alliance (VSA), a coalition whose goal is to improve Internet security.
The VSA aims to help organizations streamline their evaluation processes for vendors through a standard questionnaire designed to assess security and compliance practices.
Companies will be provided a yearly questionnaire that will help them determine if a vendor has all the appropriate security controls in place.
The first questionnaire, created by security experts and compliance officers, will be made available for free on October 1. It will measure vendors’ cybersecurity risk level, including procedures, policies, privacy, data security and vulnerability management.
“Once complete, that questionnaire is evaluated, audited, and scored by an independent third party auditor working alongside the VSA,” explained Ken Baylor, head of compliance at Uber. “Points will be granted for sound practices and taken away for practices that could increase security risks. Vendors can then use that score when seeking to offer their services to any business in the VSA, without the need for further audits.”
“The VSA will also enable companies to save time and money through the use of a standardized cybersecurity evaluation with real-time answers. The current way of evaluating cybersecurity risks and approving vendors can take several months – the new VSA process cuts the process down to minutes,” Baylor added.
A vendor security assessment questionnaire (VSAQ) is also available from Google. The search giant announced earlier this year that it had decided to open source its VSAQ framework, which the company has been using to evaluate the security and privacy posture of its third-party vendors.