What is the VSAQ (Vendor Security Alliance Questionnaire)?
The Vendor Security Alliance Questionnaire (VSAQ) explained—scope, adoption, and how it fits alongside SIG and CAIQ.
Trust · SecureSlate Team
- all posts (2140)
- Tools & Software (177)
- CMMC (41)
- GRC (567)
- TPRM (82)
- Cybersecurity (165)
- FedRAMP (40)
- GDPR (110)
- HIPAA (159)
- SOC 2 (258)
- ISO 27001 (278)
- ISO 42001 (28)
- AI (60)
- NIST (39)
- Trust (52)
- PCI DSS (39)
- Templates (10)
- Vendor Risk (3)
- Risk Management (1)
- HITRUST (14)
- Security (1)
- Comparisons and reviews (33)
- DORA (8)
- Vendor Risk Management (5)
- Compliance (3)
- Security Operations (1)
- Access Control (1)
- Strategy (3)
- Guides (10)
- CJIS (1)
- CCPA (1)
- NIS 2 (7)
- Case Study (5)
- Engineering (1)
What is third-party risk management (TPRM)?
TPRM is the discipline of identifying, assessing, treating, and monitoring risk from vendors and partners. Learn components, roles, and tooling.
TPRM · SecureSlate Team
What is vendor onboarding? Benefits and best practices
Vendor onboarding connects procurement, security, and IT provisioning. Learn benefits, steps, and how to avoid access sprawl.
TPRM · SecureSlate Team
When tokenmaxxing leads to riskmaxxing: Shadow AI and what security leaders should do
When tokenmaxxing leads to riskmaxxing: Shadow AI and what security leaders should do — When Tokenmaxxing Leads To Riskmaxxing Shadow AI. Vendor Risk, AI guidance…
Vendor RiskAI · SecureSlate Team
Who is responsible for SOC 2? Roles, RACI, and how to avoid a one-person program
SOC 2 is a company-wide program—not only security. Learn who owns SOC 2, which teams contribute evidence, and how to assign accountability before audit fieldwork.
SOC 2 · SecureSlate Team
Who needs FedRAMP Moderate? Key requirements and how to prepare
FedRAMP Moderate: FedRAMP Moderate is the default for many multi-tenant cloud products handling federal information. Know the audience, co…
FedRAMP · SecureSlate Team
Who needs ISO 42001 certification? Industries, triggers, and when to start
ISO 42001 fits organizations that build, deploy, or rely on AI in regulated or high-trust markets. Learn who needs certification and when an AIMS pays off.
ISO 42001 · SecureSlate Team
Who needs to comply with DORA? All your questions answered
Who needs to comply with DORA? See the 21 in-scope entity types, exemptions, the January 2025 deadline, penalties, ICT third-party rules, and four steps to get compliant.
DORA · SecureSlate Team
Who needs to comply with FedRAMP?
FedRAMP applies when federal agencies use your cloud service—or when you sell through channels that require a FedRAMP authorization package.
FedRAMP · SecureSlate Team
Why cheaper code isn't always cheap: build vs buy for compliance platforms
AI makes writing code faster—but owning it still costs more. See why building a GRC platform in-house often costs 3–6× buying SecureSlate over five years.
GRCStrategy · SecureSlate Team
