How much longer do you think that the Procurement Team will escape accountability?<\/span><\/li>\n<\/ul>\n#5 <\/i><\/b>All open connections into my environment are well known and are properly managed and monitored<\/i><\/b>.<\/i><\/b><\/p>\n
Be careful \u2013 if you believe you are completely secured, you may miss something.<\/b><\/p>\n\n- \u00a0\u00a0\u00a0\u00a0\u00a0<\/span>External connectivity needs are changing all the time to support vendor engagements. Temporary connections are often left in place and become permanent and over time it\u2019s these temporary connections that are forgotten or don\u2019t properly protect data and can become a big data security risk.<\/span><\/li>\n
- \u00a0\u00a0\u00a0\u00a0\u00a0<\/span>Precisely what happened at Target and Goodwill.<\/span><\/li>\n<\/ul>\n
#6 <\/i><\/b>My vendors signed contracts that assert that their security and privacy controls are strong and effective \u2013 so why do I need to do anything more to verify this?<\/i><\/b><\/p>\n
Common misconception.<\/b><\/p>\n\n- \u00a0\u00a0\u00a0\u00a0\u00a0<\/span>Procurement should use an objective process to determine which vendors require a data security assessment.<\/span><\/li>\n
- \u00a0\u00a0\u00a0\u00a0\u00a0<\/span>The fact that a vendor asserts these claims won\u2019t protect you in the court of public opinion should a major data breach occur.<\/span><\/li>\n
- \u00a0\u00a0\u00a0\u00a0\u00a0<\/span>Relying on Vendor attestations is never a good idea \u2013 even cherry picking, using the old-school Russian roulette process of assessing vendors is more reliable.<\/span><\/li>\n
- \u00a0\u00a0\u00a0\u00a0\u00a0<\/span>Procurement should implement a <\/span>\u201ctrust but verify\u201d<\/b> model for long-term successful and safe vendor engagements.<\/span><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"
Do Any of These Beliefs about Data Security Risk Sound Familiar? #1 If a vendor has been certified as PCI […]<\/p>\n","protected":false},"author":124,"featured_media":45745,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[322,6],"tags":[],"yoast_head":"\n
6 Common Misconceptions Regarding Vendors\u2019 Data Security Risk | QuestionPro<\/title>\n<meta name=\"description\" content=\"Do Any of These Beliefs about Data Security Risk Sound Familiar? #1 If a vendor has been certified as PCI or HIPAA compliant, procurement can skip the\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.questionpro.com\/blog\/misconceptions-data-security-risk\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"6 Common Misconceptions Regarding Vendors\u2019 Data Security Risk | QuestionPro\" \/>\n<meta property=\"og:description\" content=\"Do Any of These Beliefs about Data Security Risk Sound Familiar? #1 If a vendor has been certified as PCI or HIPAA compliant, procurement can skip the\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.questionpro.com\/blog\/misconceptions-data-security-risk\/\" \/>\n<meta property=\"og:site_name\" content=\"QuestionPro\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/questionpro\" \/>\n<meta property=\"article:published_time\" content=\"2017-07-24T21:29:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-01-31T06:36:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.questionpro.com\/blog\/wp-content\/uploads\/2017\/07\/bigstock-Fact-Myth-signpost-isolated-110196236.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Paresh Amin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@questionpro\" \/>\n<meta name=\"twitter:site\" content=\"@questionpro\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Paresh Amin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.questionpro.com\/blog\/misconceptions-data-security-risk\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.questionpro.com\/blog\/misconceptions-data-security-risk\/\"},\"author\":{\"name\":\"Paresh Amin\",\"@id\":\"https:\/\/www.questionpro.com\/blog\/#\/schema\/person\/ae3c4c7274324fbd4a060a9582245edc\"},\"headline\":\"6 Common Misconceptions Regarding Vendors\u2019 Data Security Risk\",\"datePublished\":\"2017-07-24T21:29:26+00:00\",\"dateModified\":\"2023-01-31T06:36:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.questionpro.com\/blog\/misconceptions-data-security-risk\/\"},\"wordCount\":753,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.questionpro.com\/blog\/#organization\"},\"articleSection\":[\"Assessments\",\"QuestionPro Products\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.questionpro.com\/blog\/misconceptions-data-security-risk\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.questionpro.com\/blog\/misconceptions-data-security-risk\/\",\"url\":\"https:\/\/www.questionpro.com\/blog\/misconceptions-data-security-risk\/\",\"name\":\"6 Common Misconceptions Regarding Vendors\u2019 Data Security Risk | QuestionPro\",\"isPartOf\":{\"@id\":\"https:\/\/www.questionpro.com\/blog\/#website\"},\"datePublished\":\"2017-07-24T21:29:26+00:00\",\"dateModified\":\"2023-01-31T06:36:21+00:00\",\"description\":\"Do Any of These Beliefs about Data Security Risk Sound Familiar? #1 If a vendor has been certified as PCI or HIPAA compliant, procurement can skip the\",\"breadcrumb\":{\"@id\":\"https:\/\/www.questionpro.com\/blog\/misconceptions-data-security-risk\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.questionpro.com\/blog\/misconceptions-data-security-risk\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.questionpro.com\/blog\/misconceptions-data-security-risk\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.questionpro.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Surveys\",\"item\":\"https:\/\/www.questionpro.com\/blog\/category\/survey-software\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Assessments\",\"item\":\"https:\/\/www.questionpro.com\/blog\/category\/survey-software\/assessments\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"6 Common Misconceptions Regarding Vendors\u2019 Data Security Risk\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.questionpro.com\/blog\/#website\",\"url\":\"https:\/\/www.questionpro.com\/blog\/\",\"name\":\"QuestionPro\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.questionpro.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.questionpro.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.questionpro.com\/blog\/#organization\",\"name\":\"QuestionPro\",\"url\":\"https:\/\/www.questionpro.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.questionpro.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.questionpro.com\/blog\/wp-content\/uploads\/2022\/10\/questionpro-logo.svg\",\"contentUrl\":\"https:\/\/www.questionpro.com\/blog\/wp-content\/uploads\/2022\/10\/questionpro-logo.svg\",\"caption\":\"QuestionPro\"},\"image\":{\"@id\":\"https:\/\/www.questionpro.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/questionpro\",\"https:\/\/twitter.com\/questionpro\",\"https:\/\/www.linkedin.com\/company\/questionpro\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.questionpro.com\/blog\/#\/schema\/person\/ae3c4c7274324fbd4a060a9582245edc\",\"name\":\"Paresh Amin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.questionpro.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/140b46a169bf117dc2f27b8a6b916540?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/140b46a169bf117dc2f27b8a6b916540?s=96&d=mm&r=g\",\"caption\":\"Paresh Amin\"},\"url\":\"https:\/\/www.questionpro.com\/blog\/author\/pareshamin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"6 Common Misconceptions Regarding Vendors\u2019 Data Security Risk | QuestionPro","description":"Do Any of These Beliefs about Data Security Risk Sound Familiar? #1 If a vendor has been certified as PCI or HIPAA compliant, procurement can skip the","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.questionpro.com\/blog\/misconceptions-data-security-risk\/","og_locale":"en_US","og_type":"article","og_title":"6 Common Misconceptions Regarding Vendors\u2019 Data Security Risk | QuestionPro","og_description":"Do Any of These Beliefs about Data Security Risk Sound Familiar? #1 If a vendor has been certified as PCI or HIPAA compliant, procurement can skip the","og_url":"https:\/\/www.questionpro.com\/blog\/misconceptions-data-security-risk\/","og_site_name":"QuestionPro","article_publisher":"https:\/\/www.facebook.com\/questionpro","article_published_time":"2017-07-24T21:29:26+00:00","article_modified_time":"2023-01-31T06:36:21+00:00","og_image":[{"width":900,"height":600,"url":"https:\/\/www.questionpro.com\/blog\/wp-content\/uploads\/2017\/07\/bigstock-Fact-Myth-signpost-isolated-110196236.jpg","type":"image\/jpeg"}],"author":"Paresh Amin","twitter_card":"summary_large_image","twitter_creator":"@questionpro","twitter_site":"@questionpro","twitter_misc":{"Written by":"Paresh Amin","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.questionpro.com\/blog\/misconceptions-data-security-risk\/#article","isPartOf":{"@id":"https:\/\/www.questionpro.com\/blog\/misconceptions-data-security-risk\/"},"author":{"name":"Paresh Amin","@id":"https:\/\/www.questionpro.com\/blog\/#\/schema\/person\/ae3c4c7274324fbd4a060a9582245edc"},"headline":"6 Common Misconceptions Regarding Vendors\u2019 Data Security Risk","datePublished":"2017-07-24T21:29:26+00:00","dateModified":"2023-01-31T06:36:21+00:00","mainEntityOfPage":{"@id":"https:\/\/www.questionpro.com\/blog\/misconceptions-data-security-risk\/"},"wordCount":753,"commentCount":0,"publisher":{"@id":"https:\/\/www.questionpro.com\/blog\/#organization"},"articleSection":["Assessments","QuestionPro Products"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.questionpro.com\/blog\/misconceptions-data-security-risk\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.questionpro.com\/blog\/misconceptions-data-security-risk\/","url":"https:\/\/www.questionpro.com\/blog\/misconceptions-data-security-risk\/","name":"6 Common Misconceptions Regarding Vendors\u2019 Data Security Risk | QuestionPro","isPartOf":{"@id":"https:\/\/www.questionpro.com\/blog\/#website"},"datePublished":"2017-07-24T21:29:26+00:00","dateModified":"2023-01-31T06:36:21+00:00","description":"Do Any of These Beliefs about Data Security Risk Sound Familiar? #1 If a vendor has been certified as PCI or HIPAA compliant, procurement can skip the","breadcrumb":{"@id":"https:\/\/www.questionpro.com\/blog\/misconceptions-data-security-risk\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.questionpro.com\/blog\/misconceptions-data-security-risk\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.questionpro.com\/blog\/misconceptions-data-security-risk\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.questionpro.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Surveys","item":"https:\/\/www.questionpro.com\/blog\/category\/survey-software\/"},{"@type":"ListItem","position":3,"name":"Assessments","item":"https:\/\/www.questionpro.com\/blog\/category\/survey-software\/assessments\/"},{"@type":"ListItem","position":4,"name":"6 Common Misconceptions Regarding Vendors\u2019 Data Security Risk"}]},{"@type":"WebSite","@id":"https:\/\/www.questionpro.com\/blog\/#website","url":"https:\/\/www.questionpro.com\/blog\/","name":"QuestionPro","description":"","publisher":{"@id":"https:\/\/www.questionpro.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.questionpro.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.questionpro.com\/blog\/#organization","name":"QuestionPro","url":"https:\/\/www.questionpro.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.questionpro.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.questionpro.com\/blog\/wp-content\/uploads\/2022\/10\/questionpro-logo.svg","contentUrl":"https:\/\/www.questionpro.com\/blog\/wp-content\/uploads\/2022\/10\/questionpro-logo.svg","caption":"QuestionPro"},"image":{"@id":"https:\/\/www.questionpro.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/questionpro","https:\/\/twitter.com\/questionpro","https:\/\/www.linkedin.com\/company\/questionpro\/"]},{"@type":"Person","@id":"https:\/\/www.questionpro.com\/blog\/#\/schema\/person\/ae3c4c7274324fbd4a060a9582245edc","name":"Paresh Amin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.questionpro.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/140b46a169bf117dc2f27b8a6b916540?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/140b46a169bf117dc2f27b8a6b916540?s=96&d=mm&r=g","caption":"Paresh Amin"},"url":"https:\/\/www.questionpro.com\/blog\/author\/pareshamin\/"}]}},"featured_image_src":"https:\/\/www.questionpro.com\/blog\/wp-content\/uploads\/2017\/07\/bigstock-Fact-Myth-signpost-isolated-110196236.jpg","featured_image_src_square":"https:\/\/www.questionpro.com\/blog\/wp-content\/uploads\/2017\/07\/bigstock-Fact-Myth-signpost-isolated-110196236.jpg","author_info":{"display_name":"Paresh Amin","author_link":"https:\/\/www.questionpro.com\/blog\/author\/pareshamin\/"},"_links":{"self":[{"href":"https:\/\/www.questionpro.com\/blog\/wp-json\/wp\/v2\/posts\/45642"}],"collection":[{"href":"https:\/\/www.questionpro.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.questionpro.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.questionpro.com\/blog\/wp-json\/wp\/v2\/users\/124"}],"replies":[{"embeddable":true,"href":"https:\/\/www.questionpro.com\/blog\/wp-json\/wp\/v2\/comments?post=45642"}],"version-history":[{"count":1,"href":"https:\/\/www.questionpro.com\/blog\/wp-json\/wp\/v2\/posts\/45642\/revisions"}],"predecessor-version":[{"id":776570,"href":"https:\/\/www.questionpro.com\/blog\/wp-json\/wp\/v2\/posts\/45642\/revisions\/776570"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.questionpro.com\/blog\/wp-json\/wp\/v2\/media\/45745"}],"wp:attachment":[{"href":"https:\/\/www.questionpro.com\/blog\/wp-json\/wp\/v2\/media?parent=45642"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.questionpro.com\/blog\/wp-json\/wp\/v2\/categories?post=45642"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.questionpro.com\/blog\/wp-json\/wp\/v2\/tags?post=45642"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}