- Vendor Risk Assessment programs enable organizations to objectively measure and manage the risk posed by the IT systems, suppliers, sites and other key assets and processes on which they depend, using proven methodologies and tools driven by practical experience and analysis of the factors that drive risk up or down. It differs from other approaches in that it differentiates based on the criticality of the vendor and then delivers the appropriate controls scorecard based on the organization defined risk factors.
- It also allows progressively stringent parameters to allow improved control compliance as the relationship strengthens over time and provides a workflow to track non-compliant controls to closure.
Vendor Risk Assessment has 4 phases
Criticality Assessment
Risk Assessment
Remediation Tracking
Reporting and metrics
