First, the good news. Many institutional investors are taking security more seriously and dedicating a portion of their requests for information or requests for pricing to questions about a potential vendor's security.
As part of the institutional investment community and in dealing with large amounts of money, you're likely investing in security as a priority. You've set up due diligence requirements for your managers and are asking potential partners and vendors an exhaustive list of questions related to their security measures and protocols.
Now, the bad news. Many of the most commonly asked security questions in RFIs actually undercut due diligence processes by eliciting misleading, ambiguous or irrelevant information.
You're asking the wrong questions and therefore unable to accurately assess and evaluate the security profile of a potential partner or vendor, and the consequences can be serious: You could be opening the door to a host of damaging security risks.
Here is what you should be doing instead: