1. I would penalise the vendor until it meets agreed upon standards. 2. In parallel, i shall incorporate supplementary controls to manage the risk. I would definitely offer my support to vendor to fullfil the compliance needs.

Quando você descobre que as práticas de seguran?a de seu fornecedor n?o s?o adequadas as politicas e normativas praticadas pela sua empresa, o melhor a fazer é redigir um aditivo de contrato pontuando que as empresas fornecedoras devem ter a seguran?a atestada e declarada para assim estarem em conformidade com o padr?o de politicas da sua companhia, onde n?o havendo a atesta??o o contrato sofre penda de rescis?o.

When a vendor's security practices fall short, I assess specific issues like data handling and compliance. I engage them in a collaborative discussion, setting clear expectations for improvements and timelines. If they are uncooperative, I explore alternative vendors. I document our conversations and review the contract for relevant clauses to guide my decisions. I weigh the risks of continuing the partnership and, if we stay, I establish ongoing monitoring for compliance. Keeping internal stakeholders informed is crucial for maintaining trust and a unified security strategy.

If a vendor's security practices fall short, protecting your business must be the priority. Start with a security audit to pinpoint specific issues, then communicate your standards clearly, highlighting any gaps. Collaborate with the vendor on a plan to close these gaps, potentially including specific security upgrades and a clear timeline for compliance. If progress stalls, assess the risks of continuing the partnership and consider alternative providers who meet your standards. Proactively managing vendor security helps safeguard your data and uphold your security commitments.

When I discover vendor security gaps, I first document my concerns and assess their impact on our operations. I then have a direct conversation with the vendor, clearly outlining required improvements and timelines. If they can't meet our standards, I evaluate alternatives while considering costs and operational impacts. Sometimes I might need to accept and document certain risks, but I'll add extra controls on our end. Long-term, I strengthen our vendor security requirements and build regular assessments into our processes.