Critical Vendor or Critical FUNCTION?
You have HOW MANY critical vendors?!?!?!?!? I always find the perception of CRITICAL VENDOR to be very interesting. As Certified Regulatory Vendor Program Managers (CRVPM) know, when reviewing vendor management programs we typically see way too many vendors listed as critical, usually for a couple of [...]
So many SOCs to review, so little time and staff to go around. Here’s a crash course:
Crash course here: http://bit.ly/1Oobnan Everyone is heavily overburdened with the demands of trying to comply with regulations. So if your IT or Info Security team doesn't have enough staff to review all SOC reports (or possibly just reviews those with exceptions), yet your internal audit dept [...]
Reassessing Vendor Risk – An Ongoing Necessity
So you've done your initial INHERENT risk rating of your vendor, then conducted your due diligence to determine the RESIDUAL risk, and you're comfortable doing business with the vendor, so you sign a contract. A year from now you plan to conduct the periodic review. [...]
Plan Your Exit Before You Outsource!
When considering outsourcing a service, it's essential to have an Exit Strategy in place so that you can transition the service to another vendor or bring it back in-house prior to or at the end of the contract term. This should be done before you [...]