Build a Vendor Security Assessment Service
Use a risk-based approach to right-size your vendor security assessments.
Organizations that don’t take a risk-based approach to vendor due diligence struggle with:
- Business units circumventing their controls.
- Vendors who refuse to co-operate.
- Lack of internal resources to meet demand for vendor assessments.
- Limited scopes that don’t assess changing risks.
Taking a risk-based approach to vendor due diligence will:
- Win over reluctant internal clients.
- Encourage vendors to fully co-operate with assessments.
- Reduce the costs of performing vendor assessments.
Book Your Workshop
Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
Module 1: Define Governance and Process
The Purpose
- Understand business and compliance requirements.
- Identify roles and responsibilities.
- Define the process.
Key Benefits Achieved
- Understanding of key goals for process outcomes.
- Documented service that leverages existing processes.
Activities: | | Outputs: |
---|---|---|
1.1 | Review current processes and pain points. | |
1.2 | Identify key stakeholders. | |
1.3 | Define policy. | |
1.4 | Develop process. | |
Module 2: Define Methodology
The Purpose
- Determine methodology for assessing procurement risk.
- Develop procedures for performing vendor security assessments.
Key Benefits Achieved
- Standardized, repeatable methodologies for supply chain security risk assessment.
Activities: | | Outputs: |
---|---|---|
2.1 | Identify organizational security risk tolerance. | |
2.2 | Develop risk treatment action plans. | |
2.3 | Define schedule for re-assessments. | |
2.4 | Develop methodology for assessing service risk. | |
Module 3: Continue Methodology
The Purpose
- Develop procedures for performing vendor security assessments.
- Establish vendor inventory.
Key Benefits Achieved
- Standardized, repeatable methodologies for supply chain security risk assessment.
Activities: | | Outputs: |
---|---|---|
3.1 | Develop vendor security questionnaire. | |
3.2 | Define procedures for vendor security assessments. | |
3.3 | Customize the vendor security inventory. | |
Module 4: Deploy Process
The Purpose
- Define risk treatment actions.
- Deploy the process.
- Monitor the process.
Key Benefits Achieved
- Understanding of how to treat different risks according to the risk tolerance.
- Defined implementation strategy.
Activities: | | Outputs: |
---|---|---|
4.1 | Define risk treatment action plans. | |
4.2 | Develop implementation strategy. | |
4.3 | Identify process metrics. | |