Last Updated on March 16, 2023
Managing vendor risk isn’t easy.
Often it’s time-consuming and expensive, and diverts scarce resources from other critical tasks. As a result, many companies have ad hoc, inconsistent or weak vendor due diligence programs. Outsourcing vendor due diligence reviews and security questionnaires to an expert third-party can be a quick and cost-effective approach to bring you and your customers peace of mind.
This post shares the cost range for vendor due diligence reviews and explains the factors that could influence your final cost.
How much does a vendor due diligence review cost?
Costs for 90% of our clients fall between these figures:
- On the low end, $200 to $500 per vendor for automated reviews conducted using Pivot Point Security’s Accelerated Vendor Due Diligence (AVDD) solution
- In the middle you have fully manual reviews that will range from $2,500 to $3,500
- On the high end, $15,000 to $20,000 for a comprehensive, onsite audit of an especially critical vendor
Your actual costs will depend on several factors, including how much you can leverage automation, how extensive/detailed your questionnaires need to be, and whether you need an onsite audit for an especially critical vendor.
Cost drivers for vendor due diligence reviews
The following factors can influence the cost of a vendor due diligence review:
- Degree of automation
Using an automated platform like Pivot Point’s AVDD can reduce per-vendor review costs significantly, while manual review of artifacts and questionnaire responses to augment automation adds to the cost. - Vendor risk
Critical vendors require a “deeper due diligence dive” and hence more time and cost. - Questionnaire complexity
When using questionnaires to assess vendor practices, more comprehensive questionnaires usually take more time and cost to evaluate. - Onsite or offsite audits
Onsite audits obviously entail more time and cost than remote evaluations. - Number of reviews
The per-review cost generally drops as the number of reviews conducted increases. In other words, you’ll likely get a per-review price break for 100 vendor reviews versus just 1 or 2.
Examples of review scenarios
These basic scenarios illustrate how various drivers influence the cost of vendor due diligence reviews:
- The least expensive vendor due diligence reviews (at $200-$500 per review) are those conducted with a fast, reliable automated solution like Pivot Point’s AVDD.
- Checking the results of an automated solution with manual review of vendor artifacts and survey responses increases the cost to about $1,000 per review.
- Leveraging third-party expertise to conduct vendor reviews end-to-end without using automation generally costs about $2,500-$3,000 per review.
- More complex reviews of high-risk, highly critical vendors (e.g., using a full Standardized Information Gathering (SIG) questionnaire and tools) typically cost between $6,000-$7,000 per review.
- A comprehensive onsite audit of a critical vendor’s security controls (e.g., using Standardized Control Assessment (SCA) methodology) usually costs $15,000 to $20,000.
ISO 27001 Recipe & Ingredients for Certification eBrief
ISO 27001 Recipe & Ingredients for Certification eBrief Discover what you need to achieve ISO 27001 certification! This eBrief will give you a quick and easily digestible introduction to the ISO 27001 standard and the process of becoming ISO 27001 certified.
