A recent Ponemon study found that only 34% of companies maintain a comprehensive list of their vendors. 69% of the participants in the study blamed “a lack of centralized control” as the key factor as to why a comprehensive inventory had not been created. Security departments must take a leading role in these situations in order to effectively manage the risks they are inherently exposed to. Vendor risk is not one-size-fits-all. Classifying vendors by Tier so you can ask relevant questions during your security review process is a critical step in the vendor risk management program lifecycle. Privva has a 4-tier vendor classification system based on data access, network or physical access an