IT, Vendor Management, Procurement, and Sourcing Leaders, Strategists, and Auditors can use the IT/Business Vendor Management framework to plan, manage, map out activities and tasks, audit, and identify roles to run a vendor management program. Vendor Risk Management (VRM) is a component of Enterprise Risk Management (ERM), but the increased importance of security and recent incidents of vendor credentials being exploited by hackers have led organizations to prioritize IT Vendor Risk Management, with more and more focus on technology security and compliance. In addition, IT management needs to focus more on Offshore Vendors to manage IT Security Risk, Compliance Risk, Operational Risk, Strategic Risk, Geography Risk, and Financial Risk.
eInnosec has relied on guidance from established national and international vendor management frameworks to design a state-of-the-art approach to implementing a vendor management program that also takes into account IT Security Risk and Privacy Risk in addition to the traditional risks: Compliance, Operational, Strategic, Geography, and Financial.
The vendor risk management framework is designed to match the categories of vendors: Strategic, Emerging, Legacy, and Tactical. The IT Security Risk management approach is designed to evaluate not only non-technical risks but also technical risks, through extensive testing of vulnerabilities and system hardening by vendors.
Another important aspect of the framework is phased implementation that suits the size, nature, and compliance requirements of the business.
With the detailed knowledge acquired over the years, we have perfected vendor auditing techniques, including offshore vendor audits.
eInnosec services include:
- Assist with risk assessment framework selection and implementation
- Design VRM that suits the size and nature of business
- Implement VRM
- Offshore vendor audits, including outsourced vendors
- Perform Vendor Risk Assessment
- Perform Vendor IT Security Risk Assessment
- Design programs for continuous vendor audits
- Implement sustainable risk assessment methodology within established budget
- Train staff on risk assessment methodology