Third Party Vendor Risk Management

Outsourcing provides notable rewards but they don’t come without risk.
The use of cloud computing and outsourced services like suppliers, hosting and consultants are becoming a common dependency in companies from small to large businesses. How do you know if shared information is safe?
“Responsibility isn’t always obvious”
John offers key questions to ask when managing third party vendor risk:
- What form of testing is suitable for the risks defined?
- What form of assurance/attestation is best?
- What direct access/testing is required for incident response/monitoring?
- What reporting and service level agreements do we need to monitor?