Vendor Risk Management
-
Building Effective Vendor Risk Management Framework
- Outsourcing objectives and activities
- Classification of vendors
- Cataloging og cybersecurity risks
- Performance monitoring criteria
- Contract terms and agreements
- Develop a system to assess future vendors and set a minimum acceptable hurdle for the quality of any future third-parties
- Assess current outsourcing policy and other supporting IT/Organization policies and procedures
-
Vendor Risk Assessment
- Inventorying of vendors
- Categorisation of vendors
- Assess vendors for potential risks
- Validation of due diligence
- Mitigation plan of residual risk
- Establish contingency plans if a third-party is deemed below quality or a data breach occurs
- Review current vendor contracts
-
Vendor Risk Management Tool
- Single repository for contracts, due diligence documentation and outsourcing related policies
- Automated workflows and assessment of vendors
- Vendor performance monitoring
- Executive reporting
Recent Comments