http://kilpen.com/tags/third-party-risk/Recent content in Third-Party-Risk on KilPen Technical Services - IT with AlohaHugoen-usThu, 18 Jun 2026 00:00:00 +0000http://kilpen.com/client-security-guides/third-party-risk-management/Thu, 18 Jun 2026 00:00:00 +0000http://kilpen.com/client-security-guides/third-party-risk-management/<p><strong>Applies to:</strong> Any small organization, nonprofit, or team that relies on outside vendors and SaaS tools — accounting software, a CRM or donor database, email and file storage, a payment processor, contractors, and the dozens of apps connected to them.<br> <strong>Audience:</strong> Organizations with little or no dedicated IT/security staff and a limited budget, who still need to take reasonable, defensible care of the data their vendors touch — including donor, client, member, and financial data.</p>http://kilpen.com/client-security-guides/vendor-security-requirements/Thu, 18 Jun 2026 00:00:00 +0000http://kilpen.com/client-security-guides/vendor-security-requirements/<blockquote> <p><strong>For our clients — how to use this page (do not send this box).</strong> This is the <strong>vendor-facing companion</strong> to our <a href="../third-party-risk-management/">Third-Party &amp; Vendor Risk Management guide</a>. The section below the line is written to be <strong>sent directly to a vendor</strong> that handles your data. Fill in the bracketed fields (<code>[…]</code>), delete this instruction box, and send it as an email, a PDF, or an attachment to a contract or statement of work. Send it to the vendors in your &ldquo;crown-jewel&rdquo; bucket — the ones that touch personal data, money, or your accounts. For large providers (Google, Microsoft, Stripe, etc.), expect them to answer by pointing you to their security/trust page rather than replying point by point; that&rsquo;s acceptable. KilPen can help you tailor or send this.</p>