Rapid third-party risk check

Sometimes you have to evaluate a vendor to see if it's safe to work with them. When you're still small, you don't have time for an onerous process.

You can reduce the number of evaluations by asking the following 3 questions:

1. What kind of data will they process?

Don't waste time investigating vendors you don't need to trust with sensitive information.

2. What's our standard for protecting this kind of data?

For a given data sensitivity level, they shouldn't do worse than you. It's okay if they do as good, it's great if they do better.

3. Do we have any reasons to believe they might not hold the same standard as us?

If your standard for security is high, chances are you had to prove that to your clients before. How did you do it? Match the level of assurance that you give.

You might not have all the information today. But you can always re-evaluate your decision in the future. Documenting your decision will help you do that, and it will demonstrate that you have considered your options wisely.