An organization is implementing a third-party risk management program. Which TWO are essential components of the initial vendor risk assessment process?
Questionnaires gather information about the vendor's security practices.
Why this answer
Initial vendor assessments typically involve security questionnaires to gather information and a review of SOC 2 reports to verify controls. These are foundational due diligence steps.