Build a Vendor Security Assessment Service
Use a risk-based approach to right-size your vendor security assessments.
RETIRED CONTENT
Please note that the content on this page is retired. This content is not maintained and may contain information or links that are out of date.
Organizations that don’t take a risk-based approach to vendor due diligence struggle with:
- Business units circumventing their controls.
- Vendors who refuse to co-operate.
- Lack of internal resources to meet demand for vendor assessments.
- Limited scopes that don’t assess changing risks.
Taking a risk-based approach to vendor due diligence will:
- Win over reluctant internal clients.
- Encourage vendors to fully co-operate with assessments.
- Reduce the costs of performing vendor assessments.
Book Your Workshop
Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
Module 1: Define Governance and Process
The Purpose
- Understand business and compliance requirements.
- Identify roles and responsibilities.
- Define the process.
Key Benefits Achieved
- Understanding of key goals for process outcomes.
- Documented service that leverages existing processes.
 | Activities: | Outputs: |
---|---|---|
1.1 | Review current processes and pain points. | |
1.2 | Identify key stakeholders. | |
1.3 | Define policy. | |
1.4 | Develop process. | |
Module 2: Define Methodology
The Purpose
- Determine methodology for assessing procurement risk.
- Develop procedures for performing vendor security assessments.
Key Benefits Achieved
- Standardized, repeatable methodologies for supply chain security risk assessment.
 | Activities: | Outputs: |
---|---|---|
2.1 | Identify organizational security risk tolerance. | |
2.2 | Develop risk treatment action plans. | |
2.3 | Define schedule for re-assessments. | |
2.4 | Develop methodology for assessing service risk. | |
Module 3: Continue Methodology
The Purpose
- Develop procedures for performing vendor security assessments.
- Establish vendor inventory.
Key Benefits Achieved
- Standardized, repeatable methodologies for supply chain security risk assessment.
 | Activities: | Outputs: |
---|---|---|
3.1 | Develop vendor security questionnaire. | |
3.2 | Define procedures for vendor security assessments. | |
3.3 | Customize the vendor security inventory. | |
Module 4: Deploy Process
The Purpose
- Define risk treatment actions.
- Deploy the process.
- Monitor the process.
Key Benefits Achieved
- Understanding of how to treat different risks according to the risk tolerance.
- Defined implementation strategy.
 | Activities: | Outputs: |
---|---|---|
4.1 | Define risk treatment action plans. | |
4.2 | Develop implementation strategy. | |
4.3 | Identify process metrics. | |