Abstract
This article seeks to draw the attention of the executive management of enterprises to the growing importance of vendor risk assessments. Given that modern enterprises outsource non-core processes and operations to business partners and vendors, it is immensely important that a thorough risk assessment of all control aspects is performed at all times, both before the outsourcing and through continuing risk assessments. Regulators hold enterprises responsible for data leakages by business partners and vendors. Therefore, enterprises need to ensure that appropriate metrics for measuring vendor and business partner performance are well laid out in the agreements with the vendors and business partners. Indicative references, such as the COBIT 5 framework for vendor management, how we manage a cloud service provider, and key risk assessment processes, have been provided to assist executive management. Third-party audits of the businesses and operations of key vendors and business partners need to be conducted.
Additional information
Notes on contributors
Latha Sunderkrishnan
Latha Sunderkrishnan (CISA, ISO27001 LA, COBIT 5 Foundation) is an Executive Director at Valsec solutions India, http://valsecsolutions.com/. She is an Electronics Engineer with more than 20 years of experience in IT with various multinational organizations working with a wide variety of technologies. She has worked in Information Security Audits and Consulting, Information Security trainings, Project Management, Quality Assurance, and Customer Support. She can be reached at [email protected] or lathasunderkrishnan.valsecsolutions.com