Managing vendor security risks just got easier. On December 20th, Blacksmith is rolling out a new tool that helps Managed Service Providers (MSPs) track, assess, and manage their vendors’ security practices – turning a traditionally complex process into something manageable.
Building Trust Through Better Vendor Management
One of the biggest benefits of this new feature is how it helps MSPs build stronger relationships with their clients. Since many businesses aren’t actively thinking about vendor security, MSPs can use this tool to guide important conversations about third-party risks and demonstrate their value as a security partner.
Beyond Just Paperwork: A Complete Vendor Management System
“When you’re managing third-party risk, you need to know who your vendors are and what they’re offering – but it goes way beyond just getting a Business Associate Agreement signed,” explains Jared, one half of Blacksmith Infosec’s founding duo and the company’s CTO.
The new addition to their tool helps MSPs:
- Track all vendor relationships in one place
- Collect and maintain security review evidence
- Monitor audit schedules and agreement renewals
- Integrate with existing business systems like SharePoint
Risk Tiering: Smart Prioritization
The system helps you categorize vendors based on both the level and type of risk they present to your clients. This is especially crucial for:
- Critical systems requiring higher scrutiny
- Vendors handling sensitive data
- Compliance-heavy industries like healthcare, where you need to track and report the full data lineage
Designed for Every MSP
While some of Blacksmith’s more sophisticated vCISO partners wanted even more advanced capabilities, the team deliberately struck a balance. “We needed to meet our most demanding customers’ needs while still keeping it accessible as a good starting point,” Jared notes.
This makes the tool valuable whether you’re just beginning your vendor management journey or looking to enhance an existing program.
Simple But Powerful Process
Jared describes it as a “stupid simple approach to a complex problem.” The process is straightforward:
- Add a vendor to the system
- Input the vendor’s name
- Assess data sensitivity and type
- Evaluate criticality of the vendor to business operations
- Evaluate risk level
At launch, users will receive a document-based beta version of the evaluation system, with more automated evaluation assistance planned for future updates. The tool also includes document tracking and review notifications to help MSPs stay on top of their vendor management responsibilities.
Compliance Made Easier
This feature is particularly valuable for compliance, as most risk frameworks require vendor reviews. For regulated industries like healthcare, where HIPAA compliance demands detailed data lineage tracking, the tool provides a systematic way for MSPs to maintain and demonstrate compliance throughout the supply chain for both them and for clients.
Looking Forward
The December 20th launch marks an important step forward in making vendor security management more accessible for MSPs. By combining robust functionality with ease of use, Blacksmith’s new feature helps IT providers strengthen their security offerings while building deeper trust with their clients.
For MSPs looking to enhance their third-party risk management capabilities, this new feature provides a practical, systematic approach to a traditionally complex challenge. It’s not just about managing risk – it’s about building stronger, more secure relationships with both vendors and clients.