Find Resources & Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

You must be logged in to join this group.

DS2.2 - Supplier Relationship Management

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective DS2.2 - Supplier Relationship Management is contained within Process Popup Manage Third-party Services.

Learn more about COBIT and related publications.

Click “Join This Community” to be able to actively participate in discussions and contribute content. You must be an ISACA member to join this topic. Join ISACA now.

This Topic Has:
15 Members
0 Online
4251 Visits

 Recent Discussions

Community Leader

Knowledge Center Manager

Knowledge Center Manager

Title: Become a Topic Leader!

Badge: Energizer

Supplier Relationship Management

Formalise the supplier relationship management process for each supplier. The relationship owners should liaise on customer and supplier issues and ensure the quality of the relationship based on trust and transparency (e.g., through SLAs).

View value and Risk Drivers  help

Hide value and Risk Drivers help

Value Drivers

  • Relationships promoted that support the overall enterprise objectives (both business and IT)
  • Effective and efficient communication and problem resolution
  • Clear ownership of responsibiltiies between customer and supplier
  Risk Drivers
  • Supplier not responsive or committed to the relationship
  • Problems and issues not resolved
  • Inadequate service quality

View Control Practices  help

Hide Control Practices  help

  1. Define and formalise roles and responsibilities for each service supplier.
  2. Assign relationship owners for all suppliers and make them accountable for the quality of service(s) provided.
  3. Document the supplier relationship managers and communicate the information within the organisation.
  4. Establish and document a formal communication process between the organisation and the service provider.
  5. Ensure that contracts with key service suppliers provide for a review of supplier internal controls by management or independent third parties.
  6. Regularly review the reports between the organisation and the service supplier.
  7. Register incidents caused by suppliers and report them using the company’s internal incident management process.
  8. Periodically review and assess supplier performance against established and agreed-upon service levels. Clearly communicate suggested changes to the service supplier.

Discussions: 0 total

Must be a Topic member to contribute

No Results Found

Documents & Publications: 23 total

Events & Online Learning: 0 total

No Results Found

Journal Articles: 45 total

Volume 2, 2018
by Ofir Eitan, CISM, CCSK, CTI
In the wake of the Target breach, the threat of cyberattacks using an enterprise’s supply chain as a delivery vector has become a common concern within the information security community.
Volume 6, 2017
by Robert Putrus, CISM, CFE, CMC, PE, PMP
This article presents a risk-based management approach to third-party data security risk and compliance through the development of a third-party risk register.
Volume 2, 2017
by Vasant Raval, DBA, CISA, ACMA, and Samir Shah, CISA, CA, CFE, CIA, CISSP
The business model of the early 20th century depicted a large, integrated company that owned, managed and directly controlled its resources.
Volume 6, 2016
by Reviewed by Sunil Bakshi, CISA, CGEIT, CISM, CRISC, ABCI, AMIIB, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP
The increased use of outsourcing arrangements and the acceptance of cloud computing models has benefits and associated risk.
Volume 6, 2016
by Shirali Vyas, CA, ICAI
The 2008 financial crisis and its cascading effects have made it necessary to redefine the supplier risk management norms.
Volume 6, 2016
During the past 30 years, enterprises have been embracing new methods to transform their operations to use IT and related technology to provide a higher level of customer service.

Wikis: 2 total

Blog Posts: 6 total

Must be a Topic member to view blog posts
28 Sep 2017
Recently, I witnessed an interesting webcast by Scopism, an UK-based consulting and training company. They announced the publication of the SIAM(c) Foundation Body of Knowledge, available for free through their website Service Integration...
Posted By : Peter873 | 0 comments
Ina fast changing world of business and relentless competition, strategicplanning is not only critical, but also the differentiating factor for anorganization. Since IT has moved from a supportive role to a more strategicrole, the IT Strategic Planning an...
Posted By : SA | 0 comments
A recent publication in a local newspaper, indicated that an employee was charged with fraud with regards to claims of insurance payments that were lodged with the company were paid out to people who were not entitled to receive such payments. What potent...
Posted By : Paulina.PNI | 2 comments
"Combatirse a sí mismo es la guerra más difícil; vencerse a sí mismo es la victoria más bella"Friedrich von Logau (1605-1655) Poeta alemán.En estos momentos en que la contratación de un profesional para una empresa debe de ser un tema muy bien planteado, ...
Posted By : Javier | 0 comments
13 Nov 2014
Now a days, you don’t need to be a IT guru or best software programmer to access /control other personal/organization data. If you follow below techniques, you can easily get confidential information.1. Masquerading2. Tailgeting (Piggy back)3. Dumpster di...
Posted By : Shaklain | 1 comments
On March 1st,  I was invited to speak at the CampIT conference on Enterprise Risk/Security Management at Rosemont Convention Center. Before me there were two speakers. The first presenter spent an hour presenting the story from the trenches of technolog...
Posted By : appolloconsulting | 2 comments