In addition to the brief introduction, subscribers and consulting clients within this management domain have access to:
Determine your business requirements and build your process to meet them.
Develop the specific procedures and tools required to assess vendor risk.
Implement the process and develop metrics to measure effectiveness.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of the project and ensure that you have a roadmap in place to complete it successfully.
Understand business and compliance requirements.
Identify roles and responsibilities.
Define the process.
Understanding of key goals for process outcomes.
Documented service that leverages existing processes.
1.1 Review current processes and pain points.
1.2 Identify key stakeholders.
1.3 Define policy.
1.4 Develop process.
RACI Matrix
Vendor Security Policy
Defined process
Determine methodology for assessing procurement risk.
Develop procedures for performing vendor security assessments.
Standardized, repeatable methodologies for supply chain security risk assessment.
2.1 Identify organizational security risk tolerance.
2.2 Develop risk treatment action plans.
2.3 Define schedule for re-assessments.
2.4 Develop methodology for assessing service risk.
Security risk tolerance statement
Risk treatment matrix
Service Risk Questionnaire
Develop procedures for performing vendor security assessments.
Establish vendor inventory.
Standardized, repeatable methodologies for supply chain security risk assessment.
3.1 Develop vendor security questionnaire.
3.2 Define procedures for vendor security assessments.
3.3 Customize the vendor security inventory.
Vendor security questionnaire
Vendor security inventory
Define risk treatment actions.
Deploy the process.
Monitor the process.
Understanding of how to treat different risks according to the risk tolerance.
Defined implementation strategy.
4.1 Define risk treatment action plans.
4.2 Develop implementation strategy.
4.3 Identify process metrics.
Vendor security requirements
Understanding of required implementation plans
Metrics inventory