Build a Vendor Security Assessment Service

Use a risk-based approach to right-size your vendor security assessments.

Onsite Workshop

Organizations that don’t take a risk-based approach to vendor due diligence struggle with:

  • Business units circumventing their controls.
  • Vendors who refuse to co-operate.
  • Lack of internal resources to meet demand for vendor assessments.
  • Limited scopes that don’t assess changing risks.

Taking a risk-based approach to vendor due diligence will:

  • Win over reluctant internal clients.
  • Encourage vendors to fully co-operate with assessments.
  • Reduce the costs of performing vendor assessments.

Module 1: Define Governance and Process

The Purpose

  • Understand business and compliance requirements.
  • Identify roles and responsibilities.
  • Define the process.

Key Benefits Achieved

  • Understanding of key goals for process outcomes.
  • Documented service that leverages existing processes.

Activities (with outputs):
1.1 Review current processes and pain points.
1.2 Identify key stakeholders.
  • RACI Matrix
1.3 Define policy.
  • Vendor Security Policy
1.4 Develop process.
  • Defined process

Module 2: Define Methodology

The Purpose

  • Determine methodology for assessing procurement risk.
  • Develop procedures for performing vendor security assessments.

Key Benefits Achieved

  • Standardized, repeatable methodologies for supply chain security risk assessment.

Activities (with outputs):
2.1 Identify organizational security risk tolerance.
  • Security risk tolerance statement
2.2 Develop risk treatment action plans.
  • Risk treatment matrix
2.3 Define schedule for re-assessments.
2.4 Develop methodology for assessing service risk.
  • Service Risk Questionnaire

Module 3: Continue Methodology

The Purpose

  • Develop procedures for performing vendor security assessments.
  • Establish vendor inventory.

Key Benefits Achieved

  • Standardized, repeatable methodologies for supply chain security risk assessment.

Activities (with outputs):
3.1 Develop vendor security questionnaire.
  • Vendor security questionnaire
3.2 Define procedures for vendor security assessments.
3.3 Customize the vendor security inventory.
  • Vendor security inventory

Module 4: Deploy Process

The Purpose

  • Define risk treatment actions.
  • Deploy the process.
  • Monitor the process.

Key Benefits Achieved

  • Understanding of how to treat different risks according to the risk tolerance.
  • Defined implementation strategy.

Activities (with outputs):
4.1 Define risk treatment action plans.
  • Vendor security requirements
4.2 Develop implementation strategy.
  • Understanding of required implementation plans
4.3 Identify process metrics.
  • Metrics inventory

Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
