When you hire a new organization for some IT work, do you really know about their vendor security practices? Well, if you are Google, you certainly do. Before anyone can get business from Google, they are asked to fill out an extensive questionnaire detailing their security posture.
While you probably don’t want to create something quite as extensive for your own purposes, the Google Vendor Security Assessment Questionnaire (VSAQ) serves as a solid model if you are looking to contract out IT security work. But there is another reason to look at the VSAQ too: The process of filling out the form and answering these questions can serve as a good security framework for any IT manager to evaluate their own organization’s security weaknesses and gaps.
Leave a reply