At a guess, the column headings are:
- Risk Level
- Criticality Level
- Unknown or Has access to Sensitive Date -- I believe that is case as most of them have more Controls
- Controls that must be tested/received/evaluated/acceptable
- Frequency of Review
-------------------------------------------------------
Note: You may wish to update the image and blank out user name in lower right hand corner and repost.
As exercise, you can see a pattern on why some Critical vendors (with no data access // column 3 = No) have less due diligence.
Personally, I would split controls into two columns. Those that must be conducted before contract/before renewal; and those that must be done only after due diligence (i.e., Contract, MSA, etc.)
Original Message:
Sent: 03-15-2022 11:21 AM
From: Anonymous Member
Subject: Oversight Automation
This message was posted by a user wishing to remain anonymous
This oversight automation was set up like this prior to me joining my recent position. Now that I am head of the Vendor Managment Program, I need help sorting out what needs to go where. I think this is far too much!