Risk level for vendors

The vendor risk level is determined by your organization and can be marked as low-risk, medium-risk, or high-risk. Secureframe will recommend a risk level for each vendor after you fill out their vendor assessment information.


Here are additional guidelines for determining those risk levels:

  • High: High-risk vendors are those that can have a serious impact on your business, such as cloud infrastructure services, databases as a service, version control, and email service. In addition, any service that stores sensitive customer data, beyond just the customer name or basic information, should be designated as high-risk.
  • Medium: Medium-risk vendors are those that may store your own employee PII, as well as knowledge tools used to store confidential information, such as Lever, Gusto, Trinet, or Notion.
  • Low: Low-risk vendors are those that don’t store sensitive information. Examples of low-risk vendors are design or video tools such as Figma, Zapier, Zoom, etc.

