We consider our service desk vendor relationship to be a critical relationship and evaluate it at our highest level of due diligence requirements. We would therefore ask for SOC 1 & 2 (if both available), financials, DR/BCP plan and testing results, copy of third-party risk policy, copy of privacy policy, copy of infosec policy and current COI. We additionally request copies of any cyber security or third-party risk assessments or certifications such as PCI, SIG, Privacy Shield or ISO. Finally, InfoSec reviews and may run a third-party assessment such as Normshield.
Shelly
------------------------------
Shelly Chase
Senior Risk Analyst Officer
------------------------------
Original Message:
Sent: 06-17-2021 09:48 AM
From: Daniel Rodriguez
Subject: Service Desk Vendors
We are currently looking at utilizing a service desk vendor and wondering what kind of due diligence we need to review from them. Would anyone have any recommendations?
Thanks!