Vendor compliance was another challenge, particularly with long-time partners that had never been asked for extensive security documentation. GRU addressed this by reaching out directly to vendors to explain how to comply with GRU’s new standards. Additionally, GRU created a vendor scoring system that continuously monitors vendors’ security posture for potential risks.
“Once we addressed cultural resistance, vendor compliance, and documentation, all parties involved began to recognize the program’s value,” says Banks.
The impact: Decreasing vendor risk, increasing efficiency
Since launching VSRA, GRU has formally assessed 144 vendors, producing 32 risk exception reports. In two-thirds of those cases, GRU avoided the risk entirely by choosing alternative vendors.
