Build a Vendor Security Assessment Service

Use a risk-based approach to right-size your vendor security assessments.

RETIRED CONTENT

Please note that the content on this page is retired. This content is not maintained and may contain information or links that are out of date.

Organizations that don’t take a risk-based approach to vendor due diligence struggle with:

  • Business units circumventing their controls.
  • Vendors who refuse to co-operate.
  • Lack of internal resources to meet demand for vendor assessments.
  • Limited scopes that don’t assess changing risks.

Taking a risk-based approach to vendor due diligence will:

  • Win over reluctant internal clients.
  • Encourage vendors to fully co-operate with assessments.
  • Reduce the costs of performing vendor assessments.

Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Module 1: Define Governance and Process

The Purpose

  • Understand business and compliance requirements.
  • Identify roles and responsibilities.
  • Define the process.

Key Benefits Achieved

  • Understanding of key goals for process outcomes.
  • Documented service that leverages existing processes.

Activities and outputs:
1.1 Review current processes and pain points.
1.2 Identify key stakeholders.
  • Output: RACI Matrix
1.3 Define policy.
  • Output: Vendor Security Policy
1.4 Develop process.
  • Output: Defined process

Module 2: Define Methodology

The Purpose

  • Determine methodology for assessing procurement risk.
  • Develop procedures for performing vendor security assessments.

Key Benefits Achieved

  • Standardized, repeatable methodologies for supply chain security risk assessment.

Activities and outputs:
2.1 Identify organizational security risk tolerance.
  • Output: Security risk tolerance statement
2.2 Develop risk treatment action plans.
  • Output: Risk treatment matrix
2.3 Define schedule for re-assessments.
2.4 Develop methodology for assessing service risk.
  • Output: Service Risk Questionnaire

Module 3: Continue Methodology

The Purpose

  • Develop procedures for performing vendor security assessments.
  • Establish vendor inventory.

Key Benefits Achieved

  • Standardized, repeatable methodologies for supply chain security risk assessment.

Activities and outputs:
3.1 Develop vendor security questionnaire.
  • Output: Vendor security questionnaire
3.2 Define procedures for vendor security assessments.
3.3 Customize the vendor security inventory.
  • Output: Vendor security inventory

Module 4: Deploy Process

The Purpose

  • Define risk treatment actions.
  • Deploy the process.
  • Monitor the process.

Key Benefits Achieved

  • Understanding of how to treat different risks according to the risk tolerance.
  • Defined implementation strategy.

Activities and outputs:
4.1 Define risk treatment action plans.
  • Output: Vendor security requirements
4.2 Develop implementation strategy.
  • Output: Understanding of required implementation plans
4.3 Identify process metrics.
  • Output: Metrics inventory