What is a Vendor Risk Management managed service?
July 14, 2020

According to recent research from EY, 30% of organisations have experienced a third-party breach in the last two years. That is why Vendor Risk Management (VRM) is now so important for all companies. But why should you look at outsourcing that function rather than doing it yourself?

What do we mean by a VRM managed service? 

A managed service is the practice of outsourcing the responsibility for maintaining, and anticipating the need for, a range of processes and functions in order to improve operations and cut expenses. Vendor Risk Management is an area of growing concern within many companies as the risks that third parties can pose become more apparent. But setting up your own holistic VRM function takes time, money and expertise - many companies are finding that getting a specialist company to do that for them delivers greater benefit more quickly. C2 Cyber has put together a helpful Value Assessment Calculator that shows some of the relative benefits that can be attained.

How can a managed VRM service help your company? 

There are several ways that a Vendor Risk Management service can help your business. Below, we have highlighted the key benefits. 

  • First of all, a vendor risk management service can help your company assess a vendor before you outsource a critical function to them.
  • It can develop plans to manage your relationships with third-party vendors which outline the strategic purposes of the relationship and assess the complexity of the arrangement.
  • A VRM service can develop a model which identifies must-have risk outcomes and defines risk processes and workflows.  
  • As well as these three things, a VRM service can provide you with a comprehensive management programme which can allow you to enjoy more collaborative supplier relationships, better compliance, and the responsiveness your company will need.  

At C2, we have a product called COBRA, which assesses the security of a possible vendor and ranks it. Our product also includes a centralised communications platform, making it easier to address vulnerabilities that a potential third party may have. 

All these factors can help you to anticipate and mitigate risk before it causes serious damage to your operations or public reputation. If you want to know more about how to implement a VRM programme quickly, discover our blog dedicated to it.

When assessing a vendor, it is important to understand how the vendor fits into the overall context of your organisation's projects and goals. At C2, we do this by defining VRM risks and workflows and identifying must-have risk outcomes. Third-party relationships can range from a small one-off project with an independent contractor to an ongoing vendor relationship with a large multinational.

Vendor risk management is an important part of the overall risk management process, and your business needs to know who is in your end-to-end supply chain and what the overall risk is to that chain. This was another reason why we at C2 created COBRA: so that businesses can better understand who is in their supply chain. This leaves clients confident that they can manage the capability they have acquired.

What are the risks of working with third-party vendors?

Vendors pose many risks which can be financial or compliance-related. A company’s use of third parties does not diminish the responsibility of senior management or partners to ensure that the outsourced activity is performed in a safe and sound manner and in compliance with applicable laws.  

If a vendor is handling sensitive information about your company, it is your responsibility to ensure that your data is protected. At C2, we assess a vendor's risk by taking into account the vendor-customer context, existing indicators of risk and vendor responses to questionnaires tailored to that context.

Increasingly, we at C2 are looking at 4th, 5th ... nth parties (suppliers to your suppliers), especially where you have engaged a prime/large outsourcing firm. The rule of thumb is to keep travelling down the vendor chain until the information is no longer identifiable as either yours or your clients'.

This combination of questionnaires and the ranking of a vendor’s security will give your company a richer, more complete and self-certified picture of your company’s vulnerabilities.  


With 30% of organisations having experienced a third-party breach within the last 2 years, there are solutions to help your company work more safely with its third-party vendors. Everyone should be aware of the risks and dangers, as well as the appropriate steps to mitigate them. However, we are conscious that it is a lot of hard work. That is why C2 provides its service to help companies work in a safer environment with suppliers.
