Due Diligence and Ongoing Monitoring

 View Only
  • 1.  Watch List

    Posted 11-01-2022 08:30 AM

    We are exploring options on enhancing our 3rd party watch list, as our threat intelligence monitoring identifies/communicates risk, we are curious how other organizations frame this type of monitoring. 

  • 2.  RE: Watch List

    Posted 11-01-2022 12:45 PM
    Very interested in this as well. 

    Greg A

  • 3.  RE: Watch List

    Posted 11-01-2022 01:59 PM
    We keep ours very simple. We have an initial risk assessment and an annual one based on various elements and how integrated/dependent we are on the vendor. We use the following: 

    1. Criticality
    2. Dependence
    3. Financial Commitment
    4. Performance
    5. Regulatory Impact
    6. Business Impact
    7. Supply Chain

    We have just begun developing our vendor management program and are starting slow and we thought this was a good start. I would be interested in any feedback if anyone has any.