fadaly.net/work/thirdpartyrisk
VENDOR RISK
VENDORS.
22 vendors scored across security, financial, concentration, and data sensitivity.
7 high-risk vendors due for quarterly review.
1 low-risk vendor handling our most sensitive PII (Tier 1 by data, Tier 4 by review).
Vendor tiering by spend instead of data sensitivity is how breaches happen.
TP-019 · Mercury Cloud Backups
RESCUE
Tier 4 (low spend) · holds PII backups · last review 2024-08.
Re-tier to high, schedule full TPRM, escalate to CISO.