Due Diligence and Ongoing Monitoring

  • 1.  Framework of Periodic Vendor Security Assessments

    This message was posted by a user wishing to remain anonymous
    Posted 10-13-2020 10:26 AM

    Hi,
    Need your advice and suggestions on framing a process, procedure and methods for initiating periodic vendor security assessments.
    A VSRM process is in place, scoped for new engagements with the existing supplier base or for new supplier assessments.

    As these suppliers are renewing SOWs and contracts, what could be the best approach for conducting periodic assessments? What assessment scope and context should be included: should it be based on the previous assessment report, should we consider a delta assessment, should it consider the current threat landscape of the supplier's network posture... any specific frameworks to include to define its context?

    Need your guidance.

    Thank you all


  • 2.  RE: Framework of Periodic Vendor Security Assessments

    Posted 10-14-2020 08:52 AM

    I'm not sure if this is specifically on point, but I recently came across a great article on RSI Security's blog which provides an overview of the NIST framework. Here's the link: https://blog.rsisecurity.com/basics-of-the-nist-risk-assessment-framework/

    Does that help at all?

    Joe