Vendor Onboarding

[TBD]

Outcome

• A process to evaluate new vendors is in place and mandatory
• Its analyzed how the vendor handles security related topics like compliances, data management, authentication, if it has a security department, how they handle breaches, etc
• Its also analyzed other requirements from other departments like legal
• A risk score is assigned to the vender, and approved or not based on its risk and/or if specific requirements are met
• An owner is assigned to the vendor's tool
• Training is given to the users of the 3rd party

Metrics

• Overall Risk Score
• Number of venders onboarded with the process
• Top of high risk vendors
• Top of controls more missed by vendors

Tools & Resources

• Sprinto (Paid)
• Bitsight (Paid)

Also refer to the tools mentioned in here.

Further Reading

• TBD