Build a Vendor Security Assessment Service
  • Vendor security risk management is a growing concern for many organizations. Whether suppliers or business partners, we often trust them with our most sensitive data and processes.
  • More and more regulations require vendor security risk management, and regulator expectations in this area are growing.
  • However, traditional approaches to vendor security assessments are seen by business partners and vendors as too onerous and are unsustainable for information security departments.

Our Advice

Critical Insight

  • An efficient and effective assessment process can only be achieved when all stakeholders are participating.
  • Security assessments are time-consuming for both you and your vendors. Maximize the returns on your effort with a risk-based approach.
  • Effective vendor security risk management is an end-to-end process that includes assessment, risk mitigation, and periodic re-assessments.

Impact and Result

  • Develop an end-to-end security risk management process that includes assessments, risk treatment through contracts and monitoring, and periodic re-assessments.
  • Base your vendor assessments on the actual risks to your organization to ensure that your vendors are committed to the process and you have the internal resources to fully evaluate assessment results.
  • Understand your stakeholder needs and goals to foster support for vendor security risk management efforts.

Build a Vendor Security Assessment Service Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should build a vendor security assessment service, review Info-Tech’s methodology, and understand the three ways we can support you in completing this project.

In addition to the short introduction, subscribers and consulting clients within this management domain have access to:

1. Define governance and process

Determine your business requirements and build your process to meet them.

  • Build a Vendor Security Assessment Service – Phase 1: Define Governance and Process
  • Vendor Security Policy Template
  • Vendor Security Process Template
  • Vendor Security Process Diagram (Visio)
  • Vendor Security Process Diagram (PDF)

2. Develop assessment methodology

Develop the specific procedures and tools required to assess vendor risk.

  • Build a Vendor Security Assessment Service – Phase 2: Develop Assessment Methodology
  • Service Risk Assessment Questionnaire
  • Vendor Security Questionnaire
  • Vendor Security Assessment Inventory

3. Deploy and monitor process

Implement the process and develop metrics to measure effectiveness.

  • Build a Vendor Security Assessment Service – Phase 3: Deploy and Monitor Process
  • Vendor Security Requirements Template

Workshop: Build a Vendor Security Assessment Service

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Define Governance and Process

The Purpose

Understand business and compliance requirements.

Identify roles and responsibilities.

Define the process.

Key Benefits Achieved

Understanding of key goals for process outcomes.

Documented service that leverages existing processes.

Activities

1.1 Review current processes and pain points.

1.2 Identify key stakeholders.

1.3 Define policy.

1.4 Develop process.

Outputs

RACI Matrix

Vendor Security Policy

Defined process

2 Define Methodology

The Purpose

Determine methodology for assessing procurement risk.

Develop procedures for performing vendor security assessments.

Key Benefits Achieved

Standardized, repeatable methodologies for supply chain security risk assessment.

Activities

2.1 Identify organizational security risk tolerance.

2.2 Develop risk treatment action plans.

2.3 Define schedule for re-assessments.

2.4 Develop methodology for assessing service risk.

Outputs

Security risk tolerance statement

Risk treatment matrix

Service Risk Questionnaire

3 Continue Methodology

The Purpose

Develop procedures for performing vendor security assessments.

Establish vendor inventory.

Key Benefits Achieved

Standardized, repeatable methodologies for supply chain security risk assessment.

Activities

3.1 Develop vendor security questionnaire.

3.2 Define procedures for vendor security assessments.

3.3 Customize the vendor security inventory.

Outputs

Vendor security questionnaire

Vendor security inventory

4 Deploy Process

The Purpose

Define risk treatment actions.

Deploy the process.

Monitor the process.

Key Benefits Achieved

Understanding of how to treat different risks according to the risk tolerance.

Defined implementation strategy.

Activities

4.1 Define risk treatment action plans.

4.2 Develop implementation strategy.

4.3 Identify process metrics.

Outputs

Vendor security requirements

Understanding of required implementation plans

Metrics inventory

Tymans Group is a brand by Gert Taeymans BV

Copyright 2017-2022 Gert Taeymans BV