This message was posted by a user wishing to remain anonymous
Hi, we started with this just a few months back and hence are not too high in terms of maturity. For this, the approach we follow is in terms of the criticality of the service supported by the vendor (we have a criticality assessment template but not a risk-based approach):
- Core business service dependency;
- Internal control function dependency;
- Is the service supported by the vendor time critical;
- Data hosted on the platform is critical, etc.
If the answer is yes, we categorize the vendor as critical. In the future once we are more mature, we might move to a score-based/risk-based approach.
Original Message:
Sent: 02-08-2023 03:53 AM
From: Srinivasa Rao
Subject: Framework & implementation
Hi All,
We are in the banking industry. The TPRM policy & procedure is approved, and we are in the stage of preparing the Framework & implementation from the base & looking for some inputs.
I have the below data - Vendor list from Sourcing team & P2P team.
My Doubts – How to bucket the vendors into categories.
How to create the risk rating matrix.
Just stuck on where to start. Need help.
Sri