Vendor risk management (VRM) is an organizational strategy for identifying and reducing the potential business uncertainties and legal liabilities that arise from hiring third-party vendors for information technology (IT) products and services.
When an enterprise outsources business processes to an external vendor, sensitive data may be transmitted, stored and processed on both company and vendor networks. Regulations like the Payment Card Industry Data Security Standard (PCI DSS) mandate that risk management policies extend to third-party vendors, outsourcers, contractors and consultants.
Vendor risk management strategy should include:
- A contract outlining the business relationship between the organization and the vendor.
- Consistent monitoring of vendor performance to ensure that contract stipulations are being met.
- Guidelines regarding who will have access to what information as part of the vendor agreement.
- Stipulations to ensure that vendors meet regulatory compliance guidelines for your industry, and a method to monitor this compliance.
A vendor with a strong understanding of the following areas can be a candidate for sourcing the business's needs:
- Policies & Procedures
- Patch management
- Information systems security
- Network infrastructure
- Remote access and VPN
- Firewall intrusion detection and prevention
- Malware controls
- Disaster Recovery
- Business Continuity
- Incident management
- Problem management