Sometimes a vendor may not pose enough risk to an organization to make it needed to actively monitor; therefore, some organizations choose to write certain third parties out of scope. In this 90-second podcast, we will cover the steps you need to take to determine the vendors that need to be included in your vendor oversight and how to best assess risk.