Charging for a vendor risk assessment

I work in security for a mid size tech company that provides services and hardware to a number of other companies. I am asked complete risk assessments and security reviews all the time, this is normal and expected.


This week I received a supplier risk assessment request from a "big" discount retailer we have done some business with in the past. Like many companies they have chosen to outsource this to a third-party firm, not unusual.


What is unusual is …

assessment assessments big companies cybersecurity discount hardware normal request reviews risk risk assessment risk assessments security services size supplier tech vendor week work