Find Resources & Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

You must be logged in to join this group.

DS2.3 - Supplier Risk Management

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective DS2.3 - Supplier Risk Management is contained within Process Popup Manage Third-party Services.

Learn more about COBIT and related publications.

Click “Join This Community” to be able to actively participate in discussions and contribute content. You must be an ISACA member to join this topic. Join ISACA now.

 
This Topic Has:
22 Members
0 Online
4556 Visits

 Recent Discussions

Community Leader

Knowledge Center Manager

Knowledge Center Manager

Title: Become a Topic Leader!

Badge: Energizer


Supplier Risk Management

Identify and mitigate risks relating to suppliers’ ability to continue effective service delivery in a secure and efficient manner on a continual basis. Ensure that contracts conform to universal business standards in accordance with legal and regulatory requirements. Risk management should further consider non-disclosure agreements (NDAs), escrow contracts, continued supplier viability, conformance with security requirements, alternative suppliers, penalties and rewards, etc.

View value and Risk Drivers  help

Hide value and Risk Drivers help


Value Drivers

  • Compliance with legal and contractual requirements
  • Reduced incidents and potential losses
  • Indentification of low-risk, well-managed suppliers
  Risk Drivers
  • Non-compliance with regulatory and legal obligations
  • Security as well as other incidents
  • Financial losses and reputational damage because of service interruption

View Control Practices  help

Hide Control Practices  help

  1. Identify and monitor supplier risks in accordance with the organisation’s established risk management process.
  2. Identify and document in the contract supplier risks (and remedies) associated with the supplier’s inability to fulfil the contractual agreement(s).
  3. When defining the contract, consider remedies including software escrow agreements, alternative suppliers or standby agreements in the event of supplier failure.
  4. Review all contracts for legal and regulatory requirements.

Discussions: 0 total

Must be a Topic member to contribute

No Results Found

Documents & Publications: 23 total

Events & Online Learning: 0 total

No Results Found

Journal Articles: 45 total

Volume 2, 2018
by Ofir Eitan, CISM, CCSK, CTI
In the wake of the Target breach, the threat of cyberattacks using an enterprise’s supply chain as a delivery vector has become a common concern within the information security community.
Volume 6, 2017
by Robert Putrus, CISM, CFE, CMC, PE, PMP
This article presents a risk-based management approach to third-party data security risk and compliance through the development of a third-party risk register.
Volume 2, 2017
by Vasant Raval, DBA, CISA, ACMA, and Samir Shah, CISA, CA, CFE, CIA, CISSP
The business model of the early 20th century depicted a large, integrated company that owned, managed and directly controlled its resources.
Volume 6, 2016
by Sunil Bakshi, CISA, CGEIT, CISM, CRISC, ABCI, AMIIB, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP
During the past 30 years, enterprises have been embracing new methods to transform their operations to use IT and related technology to provide a higher level of customer service.
Volume 6, 2016
by Reviewed by Sunil Bakshi, CISA, CGEIT, CISM, CRISC, ABCI, AMIIB, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP
The increased use of outsourcing arrangements and the acceptance of cloud computing models has benefits and associated risk.
Volume 6, 2016
by Shirali Vyas, CA, ICAI
The 2008 financial crisis and its cascading effects have made it necessary to redefine the supplier risk management norms.

Wikis: 2 total

Blog Posts: 6 total

Must be a Topic member to view blog posts
14 May 2018
Recently, I witnessed an interesting webcast by Scopism, an UK-based consulting and training company. They announced the publication of the SIAM(c) Foundation Body of Knowledge, available for free through their website www.scopism.com. Service Integration...
Posted By : Peter873 | 1 comments
Ina fast changing world of business and relentless competition, strategicplanning is not only critical, but also the differentiating factor for anorganization. Since IT has moved from a supportive role to a more strategicrole, the IT Strategic Planning an...
Posted By : SA | 0 comments
A recent publication in a local newspaper, indicated that an employee was charged with fraud with regards to claims of insurance payments that were lodged with the company were paid out to people who were not entitled to receive such payments. What potent...
Posted By : Paulina.PNI | 2 comments
"Combatirse a sí mismo es la guerra más difícil; vencerse a sí mismo es la victoria más bella"Friedrich von Logau (1605-1655) Poeta alemán.En estos momentos en que la contratación de un profesional para una empresa debe de ser un tema muy bien planteado, ...
Posted By : Javier | 0 comments
13 Nov 2014
Now a days, you don’t need to be a IT guru or best software programmer to access /control other personal/organization data. If you follow below techniques, you can easily get confidential information.1. Masquerading2. Tailgeting (Piggy back)3. Dumpster di...
Posted By : Shaklain | 1 comments
On March 1st,  I was invited to speak at the CampIT conference on Enterprise Risk/Security Management at Rosemont Convention Center. Before me there were two speakers. The first presenter spent an hour presenting the story from the trenches of technolog...
Posted By : appolloconsulting | 2 comments