Risk Assessments

 View Only

  • 1.  ERP and other Enterprise Solutions

    This message was posted by a user wishing to remain anonymous
    Posted 03-08-2023 12:34 PM
    This message was posted by a user wishing to remain anonymous

    Hello Community,

    How are folks scoping and conducting assessments for enterprise solutions such as big name ERP solutions? SOC2's and long lists of compliance certifications are readily available for these third parties but my question is more specific to scoping and the breadth of these assessments. Is a common approach to assess beyond the solution and its operating environment and over to the implementation specifics and internal management of the solution? 

    Thank you



  • 2.  RE: ERP and other Enterprise Solutions

    Posted 03-29-2023 01:05 PM
    Enterprise Resource Planning solutions will typically be critical vendors with high risk driven by the companies data involved. The answer is yes, consider the implementation, not just the solution/vendor level of due-diligence. This is because solution locations vary (on-premise vs cloud), support models vary, so in the end, your control requirements of the vendor will also vary for areas like Availability/BC/DR and InfoSec/Cyber.

    I'd love to hear other members' thoughts.