Risk Assessments

  • 1.  Strategic Partners

    Posted 07-23-2021 11:42 AM
    We have a TPRM system for our third parties following standard ISO27001 principles. Do people use a deep framework for dealing with their strategic partners or one size fits all?


  • 2.  RE: Strategic Partners

    Posted 07-28-2021 10:25 AM
    We see a wide variety of strategies used to manage vendor and third-party relationships. Some attempt to use one-size-fits-all, and others have a very complex and sometimes fully customized review process for each vendor engagement. We tend to find, however, that the most practical solution is one that falls somewhere in between. It's good to have any framework, but the trick is in the implementation, and knowing when it is and isn't applicable to a particular service. Sometimes only some components are.
    Does anyone else use ISO27001 who would like to comment?