Spreadsheets are dumb. Okay, it’s not that spreadsheets are dumb, or that the people who use them are dumb. That’s not at all what I’m saying. What’s dumb is using spreadsheets to manage third-party information security risk. If I’m going to call something dumb, I’d better have some logic to back it up. Good thing. I do.

Third-party information security risk management options

Before we get into the details of using spreadsheets, let’s first cover the options for managing third-party information security risk. You have options.