Vendor Management Lifecycle
Step 1: Vendor Selection
- may involve:
  - a formal request for proposal (RFP) process
  - or informal evaluation and selection process
- evaluate:
  - security
  - quality and effectiveness of risk management program
  - the controls, methodologies, and policies in place to control risk that could affect your org
Step 2: Onboarding
- onboarding begins once vendor is selected
- verify details of the contract
- involves:
  - setting up technical arrangements for data transfer
  - establish encryption and controls to protect information
  - establish procedures for incident response
Step 3: Maintenance
- continue to monitor vendor security practices
- site visits
- review independent audit and assessment reports
- handle security incidents as they arise
Step 4: Offboarding
- ensure vendor destroys all confidential information