Supplier Management Toolkit: Cybersecurity Risk Management in the Supplier Life Cycle
Executive Brief
26 Jan 2022
by
Amy Fong, Bhanushee Malhotra, Kumar Avijit, Sakshi Nigam
This report is available only to Outsourcing Excellence/Cybersecurity members. For information on membership, please contact us.
Organizations run significant financial and operational risks when they do not periodically assess the security risks posed by their strategic suppliers. Such an assessment starts with an evaluation of each supplier's criticality, determining whether it supports critical business processes and/or is critical from a security standpoint, and then applies periodic risk assessments at a depth proportionate to that criticality, so that decisions are data- and evidence-driven. In this executive brief, Everest Group analysts provide best practices for a well-defined cyber risk management process across the supplier life cycle, drawing on industry standards such as ISO/IEC 27001 and 27002, ISO/IEC 27036-2, and ISO/IEC 27701:2019.
Note: Everest Group publishes Executive Briefs for senior executives from enterprises. These briefs address hot industry topics and particularly challenging issues of the day in an easy-to-digest format.
Risk management is a vital component of supplier management and is in the spotlight today amid the evident failure of certain large corporations to build adequate resilience in their operating models. Organizations realize that they can no longer…