Skip to content

Vendor Onboarding

[TBD]

Outcome

  • A process to evaluate new vendors is in place and mandatory
  • Its analyzed how the vendor handles security related topics like compliances, data management, authentication, if it has a security department, how they handle breaches, etc
  • Its also analyzed other requirements from other departments like legal
  • A risk score is assigned to the vender, and approved or not based on its risk and/or if specific requirements are met
  • An owner is assigned to the vendor's tool
  • Training is given to the users of the 3rd party

Metrics

  • Overall Risk Score
  • Number of venders onboarded with the process
  • Top of high risk vendors
  • Top of controls more missed by vendors

Tools & Resources

Also refer to the tools mentioned in here.

Further Reading