The vendor security evaluation framework provides questions that organizations need to ask to accurately assess a third-party’s security and privacy readiness, Google said.
Google has released a framework to open source that it implements internally to evaluate the security posture of the numerous vendors it uses for various services each year. The company’s Vendor Security Assessment Questionnaire (VSAQ) Framework is a collection of four templates with questions for evaluating the quality of a supplier’s security and privacy practices. By releasing the framework to the open-source community, Google officials said they want to give other organizations an opportunity to do the same kind of evaluation that Google itself does when selecting vendors and suppliers.