Tech companies, including Uber and Twitter, on Friday launched what they called the “first-ever” Vendor Security Alliance (VSA), a coalition to enable businesses to streamline their vetting process for vendors’ cybersecurity risks.
The VSA will bring together the “best and brightest” from leading tech companies such as Airbnb, Atlassian, Docker, Dropbox, GoDaddy, Palantir, Square, and Twitter, said Uber. This marks the first time the industry is uniting to solve vendor compliance challenges and freely share its work with other companies.
VSA aims to create cybersecurity standards that will help protect companies – big and small, new and old – from risks in a way that builds trust and accountability in the vendor community.
In September, experts from nine VSA companies will build a questionnaire to measure vendor cybersecurity risk, covering areas such as policies, procedures, privacy, vulnerability management and data security.
In October, VSA will make this first questionnaire publicly available for free. It will be used to determine the quality of a vendor’s cybersecurity practices, and to benchmark current practices inside the business.
Importantly, the VSA scoring process will help standardize acceptable cybersecurity practices for companies. “No more reinventing the wheel company by company, vendor by vendor,” said Uber.
Once complete, that questionnaire is evaluated, audited, and scored by an independent third-party auditor working alongside the VSA. Points will be granted for sound practices and taken away for practices that could increase security risks.
Vendors can then use that score when seeking to offer their services to any business in the VSA, without the need for further audits. Each year the VSA will develop a new questionnaire, which will continuously raise the bar for vendors and hold them accountable for increasing cybersecurity standards.