01/23/2020

The Vendor Security Assessment (VSA): What You Need to Know

The State of Security

Requesting that a SaaS company answer a Vendor Security request has become a regular thing for companies who work in the cloud. But have you thought about how the reverse works, that is, when your customer has a VSA process focusing on you?

The Vendor Security Assessment, or VSA, is the means by which your infosec team confirms that a cloud vendor, or any vendor who might have access to your data, is going to be as careful with your data as you are. And of course, you are as careful with your customer’s data, protecting it from unauthorized access, alteration, or destruction. It would be very embarrassing, to say the least, for your customer’s data, code, or inner workings to be available to the internet at large through a vendor breach.

Most VSAs requests start with some internet research on the vendor and a questionnaire about their practices. Your ability to satisfy the potential customer about your security posture can make or break a sale.

What sort of questions are being asked? Well, as the concept of a VSA is still relatively new, each prospect asks questions a bit differently. Someday, there will be a standard form or even a certification with an annual audit. Until then, each VSA recipient needs to communicate what processes should give customers confidence in their ability to keep their information private, such as:

Read more...