Due Diligence and Ongoing Monitoring

 View Only
  • 1.  Watch List

    Posted 29 days ago
    Hello, 

    We are exploring options on enhancing our 3rd party watch list, as our threat intelligence monitoring identifies/communicates risk, we are curious how other organizations frame this type of monitoring. 


  • 2.  RE: Watch List

    Posted 29 days ago
    Very interested in this as well. 

    Greg A





  • 3.  RE: Watch List

    Posted 29 days ago
    We keep ours very simple. We have an initial risk assessment and an annual one based on various elements and how integrated/dependent we are on the vendor. We use the following: 

    1. Criticality
    2. Dependence
    3. Financial Commitment
    4. Performance
    5. Regulatory Impact
    6. Business Impact
    7. Supply Chain

    We have just begun developing our vendor management program and are starting slow and we thought this was a good start. I would be interested in any feedback if anyone has any.