Kevin -
I would not want to invite multiple vendors to the same meeting. I would think there may be confidentiality issues (particularly if they are competitors). I believe the business owner (relationship owner) should hold quarterly meetings with their vendors, and review SLAs and roadmap.
I also don't think you can expect all your vendors to do this. I think only vendors with whom you have a certain threshold of dollar business would want to engage with you this way. Speaking as a vendor, they are likely not staffed to meet quarterly with each of their customers.
------------------------------
Kate Wakefield, CISSP / CIPT / CRISC
Infoblox Director of GRC
------------------------------
Original Message:
Sent: 04-09-2024 12:29 PM
From: Kevin Gates
Subject: CISO Forum with key vendors?
I'm looking for opinions and experience if anyone has held (or contemplated) information security focused forums with their key vendors? Essentially, it would be a sort of CISO roundtable with our key vendors to discuss emerging topics and information security roadmaps to ensure alignment and help foster an open dialog over any challenges or opportunities.
I have some reservations (would key vendors commit to sending a CISO or would it be watered down through delegation; would an open discussion take place among potentially competing organizations), but hoping someone has real world experience and not just theories.
Thank you in advance