Vendor Onboarding
[TBD]
Outcome
- A process to evaluate new vendors is in place and mandatory
- The process analyzes how the vendor handles security-related topics such as compliance, data management, and authentication, whether it has a security department, how it handles breaches, etc.
- Requirements from other departments, such as legal, are also analyzed
- A risk score is assigned to the vendor, and the vendor is approved or not based on its risk and/or whether specific requirements are met
- An owner is assigned to the vendor's tool
- Training is given to the users of the 3rd party
Metrics
- Overall Risk Score
- Number of vendors onboarded with the process
- Top high-risk vendors
- Top controls most often missed by vendors
Tools & Resources
Also refer to the tools mentioned in here.